Norm

CWA 14722-3:2004-08 en

Ingebouwde IC kaart lezer (Embedded FINREAD) voor financiële transacties - Deel 3: Functionele en veiligheidsspecificaties

52,00

Over deze norm

Status Definitief
Aantal pagina's 86
Gepubliceerd op 01-09-2004
Taal Engels
This document defines functional and security requirements for the different components of the Embedded FINREAD device. It is structured in 2 parts as described hereafter: Part I - Functional Specifications - it gives an overall description of the Embedded FINREAD card reader architecture and components ; - it describes in detail the different Embedded FINREAD card reader operating modes ; - it specifies the characteristics and functional requirements of the main components of the Embedded FINREAD card reader ; - it defines functions to be provided internally by the Embedded FINREAD card reader environment for the Embedded FINREAD card reader applications ; - it describes the functionality required by Embedded FINREAD aware applications to interface with the Embedded FINREAD card reader. Part II - Security Specifications - it describes security assumptions on which the risk analysis performed was based ; - it lists security requirements for the different components of the Embedded FINREAD device; - it describes the implementation of these requirements ; - it describes key management ; - it lists cryptographic functions and describes the random number generator provided by the core software. The document Embedded FINREAD Security Objectives, Security Requirements and Rationale is added to this document as an Annex. The Security Requirements expressed in the Annex are set to be easily rewritten as Protection Profile as regards the Common Criteria requirements. The main objective of the Embedded FINREAD CWA is to provide a secure and interoperable solution which realistically matches the standards of the targeted industries. According to the conclusions reached by part 2 of this CWA Embedded FINREAD Technical Architecture and Functional Requirements, these specifications distinguish 3 different standard Java technologies for the runtime environment of the Embedded FINREAD card reader: J2ME/CLDC and MIDP 2.0, STIP Technology and DVB-MHP. Other Java standards compliant with Embedded FINREAD functional and security requirements may also be considered by industry actors who wish to implement these specifications. The choice of basing the Embedded FINREAD specifications on several Java technologies, as opposed to a single technology common to all types of devices impacts Embedded FINREAD initial objectives of global interoperability : The level of interoperability supported by Embedded FINREAD is the ability to run Embedded FINREAD card reader applications on different devices potentially having different capabilities and different architectures but supporting the same Java technology and having capabilities that meet the minimum required by the application. The reason of this choice is to ensure that these specifications appropriately respond to real market needs: requiring vendors to change or adapt their basic Java technology in order to comply with Embedded FINREAD would likely dissuade them from implementing these specifications. Hence, mandating a single Java Technology is not practical, since it would potentially exclude useful devices that are based on other Java technologies. Other aspects of interoperability such as protocol interoperability between different types of devices and application providers, or infrastructure interoperability between devices and service providers are part of the main objectives of Embedded FINREAD and are not affected by this choice. Some requirements and functionality defined by this CWA are currently missing within the referenced Java environments. The organisations responsible for issuing the specifications of these environments are working towards the release of new versions that should take into consideration most of the missing functionality needed to comply with Embedded FINREAD. Part 4 of this CWA Embedded FINREAD Technical Architecture and definition of APIs, provides a detailed description of the missing functionality for each referenced Java platform, and defines the technical responses

Details

ICS-code 35.240.15
Nederlandse titel Ingebouwde IC kaart lezer (Embedded FINREAD) voor financiële transacties - Deel 3: Functionele en veiligheidsspecificaties
Engelse titel Embedded financial transactional IC card reader (embedded FINREAD) - Part 3: Functional and Security Specifications
Vervangt

Winkelwagen

Subtotaal:

Ga naar winkelwagen