Banking - Secure cryptographic devices (retail) - Part 1: Concepts, requirements and evaluation methods

ISO 13491-1:2007 specifies the requirements for secure cryptographic devices (SCDs) based on the cryptographic processes defined in ISO 9564, ISO 16609 and ISO 11568. ISO 13491-1:2007 has two primary purposes: to state the requirements concerning both the operational characteristics of SCDs and the management of such devices throughout all stages of their life cycle, and to standardize the methodology for verifying compliance with those requirements. Appropriate device characteristics are necessary to ensure that the device has the proper operational capabilities and provides adequate protection for the data it contains. Appropriate device management is necessary to ensure that the device is legitimate, that it has not been modified in an unauthorized manner (e.g. by “bugging”) and that any sensitive data placed within the device (e.g. cryptographic keys) has not been subject to disclosure or change. Absolute security is not achievable in practical terms. Cryptographic security depends upon each life cycle phase of the SCD and the complementary combination of appropriate management procedures and secure cryptographic characteristics. These management procedures implement preventive measures to reduce the opportunity for a breach of SCD security. These aim for a high probability of detection of any unauthorized access to sensitive or confidential data, should device characteristics fail to prevent or detect the security compromise. Annex A provides an informative illustration of the concepts of security levels described in ISO 13491-1:2007 as being applicable to SCDs.

Banque — Dispositifs cryptographiques de sécurité (services aux particuliers) — Partie 1: Concepts, exigences et méthodes d'évaluation

General Information

Status
Withdrawn
Publication Date
10-Jun-2007
Withdrawal Date
10-Jun-2007
Current Stage
9599 - Withdrawal of International Standard
Start Date
17-Mar-2016
Completion Date
13-Dec-2025
Ref Project

Relations

Standard
ISO 13491-1:2007 - Banking -- Secure cryptographic devices (retail)
English language
30 pages

Frequently Asked Questions

ISO 13491-1:2007 is a standard published by the International Organization for Standardization (ISO). Its full title is "Banking - Secure cryptographic devices (retail) - Part 1: Concepts, requirements and evaluation methods". It specifies the requirements for secure cryptographic devices (SCDs) used in retail banking, covering both the security characteristics of the device and its management over every phase of its life cycle, and it standardizes the methodology for verifying compliance with those requirements. The full abstract is given at the top of this page.

ISO 13491-1:2007 is classified under the following ICS (International Classification for Standards) categories: 35.240.40 - IT applications in banking. The ICS classification helps identify the subject area and facilitates finding related standards.

ISO 13491-1:2007 has the following relationships with other standards: it replaced ISO 13491-1:1998 and has itself been replaced by ISO 13491-1:2016. Understanding these relationships helps ensure you are using the most current and applicable version of the standard.

You can purchase ISO 13491-1:2007 directly from iTeh Standards. The document is available in PDF format and is delivered instantly after payment. Add the standard to your cart and complete the secure checkout process. iTeh Standards is an authorized distributor of ISO standards.

Standards Content (Sample)


INTERNATIONAL STANDARD ISO 13491-1
Second edition
2007-06-15
Banking — Secure cryptographic devices (retail) — Part 1: Concepts, requirements and evaluation methods
Banque — Dispositifs cryptographiques de sécurité (services aux particuliers) — Partie 1: Concepts, exigences et méthodes d'évaluation
Reference number
© ISO 2007

©  ISO 2007
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means,
electronic or mechanical, including photocopying and microfilm, without permission in writing from either ISO at the address below or
ISO's member body in the country of the requester.
ISO copyright office
Case postale 56 • CH-1211 Geneva 20
Tel. + 41 22 749 01 11
Fax + 41 22 749 09 47
E-mail copyright@iso.org
Web www.iso.org
Published in Switzerland
ii © ISO 2007 – All rights reserved

Contents
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Abbreviated terms
5 Secure cryptographic device concepts
5.1 General
5.2 Attack scenarios
5.3 Defence measures
6 Requirements for device security characteristics
6.1 Introduction
6.2 Physical security requirements for SCDs
6.3 Logical security requirements for SCDs
7 Requirements for device management
7.1 General
7.2 Life cycle phases
7.3 Life cycle protection requirements
7.4 Life cycle protection methods
7.5 Accountability
7.6 Device management principles of audit and control
8 Evaluation methods
8.1 General
8.2 Risk assessment
8.3 Informal evaluation method
8.4 Semi-formal evaluation method
8.5 Formal evaluation method
Annex A (informative) Concepts of security levels for system security
Bibliography

Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards bodies
(ISO member bodies). The work of preparing International Standards is normally carried out through ISO
technical committees. Each member body interested in a subject for which a technical committee has been
established has the right to be represented on that committee. International organizations, governmental and
non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely with the
International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization.
International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2.
The main task of technical committees is to prepare International Standards. Draft International Standards
adopted by the technical committees are circulated to the member bodies for voting. Publication as an
International Standard requires approval by at least 75 % of the member bodies casting a vote.
Attention is drawn to the possibility that some of the elements of this document may be the subject of patent
rights. ISO shall not be held responsible for identifying any or all such patent rights.
ISO 13491-1 was prepared by Technical Committee ISO/TC 68, Financial services, Subcommittee SC 2,
Security management and general banking operations.
This second edition cancels and replaces the first edition (ISO 13491-1:1998), which has been technically
revised.
ISO 13491 consists of the following parts, under the general title Banking — Secure cryptographic devices
(retail):
⎯ Part 1: Concepts, requirements and evaluation methods
⎯ Part 2: Security compliance checklists for devices used in financial transactions

Introduction
ISO 13491 describes both the physical and logical characteristics and the management of the secure
cryptographic devices (SCDs) used to protect messages, cryptographic keys and other sensitive information
used in a retail financial services environment.
The security of retail electronic payment systems is largely dependent upon the security of these
cryptographic devices. This security is based upon the premise that computer files can be accessed and
manipulated, communications lines can be “tapped” and authorized data or control inputs into system
equipment can be replaced with unauthorized inputs. When Personal Identification Numbers (PINs), message
authentication codes (MACs), cryptographic keys and other sensitive data are processed, there is a risk of
tampering or other compromise to disclose or modify such data. The risk of financial loss is reduced through
the appropriate use of cryptographic devices that have proper characteristics and are properly managed.

INTERNATIONAL STANDARD ISO 13491-1:2007(E)

Banking — Secure cryptographic devices (retail) —
Part 1:
Concepts, requirements and evaluation methods
1 Scope
This part of ISO 13491 specifies the requirements for secure cryptographic devices (SCDs) based on the
cryptographic processes defined in ISO 9564, ISO 16609 and ISO 11568.
This part of ISO 13491 has two primary purposes:
⎯ to state the requirements concerning both the operational characteristics of SCDs and the management
of such devices throughout all stages of their life cycle, and
⎯ to standardize the methodology for verifying compliance with those requirements.
Appropriate device characteristics are necessary to ensure that the device has the proper operational
capabilities and provides adequate protection for the data it contains. Appropriate device management is
necessary to ensure that the device is legitimate, that it has not been modified in an unauthorized manner (e.g.
by “bugging”) and that any sensitive data placed within the device (e.g. cryptographic keys) has not been
subject to disclosure or change.
Absolute security is not achievable in practical terms. Cryptographic security depends upon each life cycle
phase of the SCD and the complementary combination of appropriate management procedures and secure
cryptographic characteristics. These management procedures implement preventive measures to reduce the
opportunity for a breach of SCD security. These aim for a high probability of detection of any unauthorized
access to sensitive or confidential data, should device characteristics fail to prevent or detect the security
compromise.
Annex A provides an informative illustration of the concepts of security levels described in this part of
ISO 13491 as being applicable to SCDs.
This part of ISO 13491 does not address issues arising from the denial of service of an SCD.
Specific requirements for the characteristics and management of specific types of SCD functionality used in
the retail financial services environment are contained in ISO 13491-2.
2 Normative references
The following referenced documents are indispensable for the application of this document. For dated
references, only the edition cited applies. For undated references, the latest edition of the referenced
document (including any amendments) applies.
ISO 11568-1, Banking — Key management (retail) — Part 1: Principles
ISO 11568-2:2005, Banking — Key management (retail) — Part 2: Symmetric ciphers, their key management
and life cycle
ISO 11568-4, Banking — Key management (retail) — Part 4: Key management techniques using public key
cryptosystems
ISO 13491-2, Banking — Secure cryptographic devices (retail) — Part 2: Security compliance checklists for
devices used in financial transactions
3 Terms and definitions
For the purposes of this document, the following terms and definitions apply.
3.1
accreditation authority
authority responsible for the accreditation of evaluation authorities and supervision of their work in order to
guarantee the reproducibility of the evaluation results
3.2
accredited evaluation authority
body accredited in accordance with a set of rules and accepted by the accreditation authority for the purpose
of evaluation
NOTE An example of a set of rules is ISO/IEC 17025.
3.3
assessment checklist
list of claims, organized by device type, and contained in ISO 13491-2
3.4
assessment report
output of the assessment review body, based on the results from an assessor
3.5
assessment review body
group with responsibility for reviewing and making judgements on the results from the assessor
3.6
assessor
person who checks, assesses, reviews and evaluates compliance with an informal evaluation on behalf of the
sponsor or assessment review body
3.7
attack
attempt by an adversary on the device to obtain or modify sensitive information or a service he is not
authorized to obtain or modify
3.8
certification report
output of the evaluation review body, based on the results from an accredited evaluation authority
3.9
controller
entity responsible for the secure management of an SCD
3.10
deliverables
documents, equipment and any other items or information needed by the evaluators to perform an evaluation
of the SCD

3.11
device compromise
successful defeat of the physical or logical protections provided by the SCD, resulting in the potential
disclosure of sensitive information or unauthorized use of the SCD
3.12
device security
security of the SCD related to its characteristics only, without reference to a specific operational environment
3.13
environment-dependent security
security of an SCD as part of an operational environment
3.14
evaluation agency
organization trusted by the design, manufacturing and sponsoring authorities, which evaluates the SCD (using
specialist skills and tools) in accordance with this part of ISO 13491
3.15
evaluation report
output of the evaluation review body, based on the results from an evaluation agency or auditor
3.16
evaluation review body
group with responsibility for reviewing, and making judgements on, the results of the evaluation agency
3.17
formal claim
statement about the characteristics and functions of an SCD
3.18
logical security
ability of a device to withstand attacks through its functional interface
3.19
operational environment
environment in which the SCD is operated, i.e. the system of which it is part, the location where it is placed,
the persons operating and using it and the entities communicating with it
3.20
physical security
ability of a device to withstand attacks against its physical construction, including physical characteristics such
as electromagnetic emissions and power fluctuations, the analysis of which can lead to side channel attacks
3.21
secure cryptographic device
SCD
device that provides physically and logically protected cryptographic services and storage (e.g. PIN entry
device or hardware security module), and which may be integrated into a larger system, such as an
automated teller machine (ATM) or point of sale (POS) terminal
3.22
sensitive data
sensitive information
data, status information, cryptographic keys, etc., which need to be protected against unauthorized disclosure,
alteration, or destruction
3.23
sensitive state
device condition that provides access to the secure operator interface, such that it can only be entered when
the device is under dual or multiple control
3.24
sponsoring authority
sponsor
individual, company or organization that requires the SCD to undergo evaluation
3.25
tamper evident characteristic
characteristic that provides evidence that an attack has been attempted
3.26
tamper resistant characteristic
characteristic that provides passive physical protection against an attack
3.27
tamper response characteristic
characteristic that provides an active response to the detection of an attack
4 Abbreviated terms
ATM automated teller machine
MAC message authentication code
PIN Personal Identification Number
POS point of sale
SCD secure cryptographic device
5 Secure cryptographic device concepts
5.1 General
Cryptography is used in retail financial services to help ensure the following objectives:
a) the integrity and authenticity of sensitive data, e.g. by MAC-ing transaction details;
b) the confidentiality of secret information, e.g. by encrypting customer PINs;
c) the confidentiality, integrity and authenticity of cryptographic keys;
d) the security of other sensitive operations, e.g. PIN verification.
To ensure that the above objectives are met, the following threats to the security of the cryptographic
processing shall be countered:
⎯ disclosure or modification of cryptographic keys and other sensitive information;
⎯ unauthorized use of cryptographic keys and services.

A secure cryptographic device (SCD) is a physically and logically secure hardware device providing a defined
set of cryptographic functions, access controls and secure key storage. SCDs are employed to protect against
these threats. The requirements of this part of ISO 13491 pertain to the SCD and not the system in which the
SCD may be integrated. However, it is important to analyse the interfaces between the SCD and the
remainder of the system to ensure that the SCD may not be compromised.
Since absolute security is not achievable in practical terms, it is not realistic to describe an SCD as being
“tamper proof” or “physically secure”. With enough cost, effort and skill, virtually any security scheme can be
defeated. Furthermore, as technology continues to evolve, new techniques may be developed to attack a
security scheme that was previously believed to be immune to feasible attack. Therefore, it is more realistic to
categorize an SCD as possessing a degree of tamper protection, where an acceptable degree is one that is
deemed adequate to deter any attack envisaged as feasible during the operational life of the device, taking
into account the equipment, skills and other costs to the adversary in mounting a successful attack and the
financial benefits that the adversary could realize from such an attack.
Security of retail payment systems includes the physical and logical aspects of device security, the security of
the operational environment and management of the device. These factors establish jointly the security of the
devices and the applications in which they are used. The security needs are derived from an assessment of
the risks arising from the intended applications.
The required security characteristics will depend on the intended application and operational environment, and
on the attack types that need to be considered. A risk assessment should be made as an aid to selecting the
most appropriate method of evaluating the security of the device. The results are then assessed in order to
accept the devices for a certain application and environment. Evaluation methods are given in Clause 8.
5.2 Attack scenarios
5.2.1 General
SCDs are subject to the following five primary classes of attack, which may be used in combination:
⎯ penetration;
⎯ monitoring;
⎯ manipulation;
⎯ modification;
⎯ substitution.
These attacks are described below.
NOTE These attack scenarios do not form an exhaustive list, but are an indication of the main areas of concern.
5.2.2 Penetration
Penetration is an attack which involves the physical perforation or unauthorized opening of the device to
ascertain sensitive data contained within it, e.g. cryptographic keys.
5.2.3 Monitoring
Monitoring is an attack which may involve the monitoring of electromagnetic radiation, power consumption
differentials, timing differentials, etc. for the purposes of discovering sensitive information contained within the
device. Alternatively, it may involve the visual, aural or electronic monitoring of secret data being entered into
the device.
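The timing differential named above can be reproduced in a few lines. The following Python is an added illustration and is not part of ISO 13491-1: it models a stored-value comparison inside the device (the kind used to verify a MAC or an encrypted PIN block), once with an early-exit byte compare and once with a constant-time compare, and counts the bytes examined as a stand-in for the elapsed time a monitoring adversary would measure. The 4-byte reference value and the function names are constructed for the example; the adversary routine is a generic prefix-recovery loop, not a procedure the standard describes.

```python
import hmac

SECRET = bytes.fromhex("314207f1")   # constructed 4-byte reference value (e.g. a stored MAC)


def early_exit_compare(expected: bytes, candidate: bytes):
    """Naive comparison that stops at the first mismatch.
    Returns (match, bytes_examined); the count models the work, and therefore
    the time, that an adversary monitoring the device can observe."""
    if len(expected) != len(candidate):
        return False, 0
    examined = 0
    for a, b in zip(expected, candidate):
        examined += 1
        if a != b:
            return False, examined
    return True, examined


def constant_time_compare(expected: bytes, candidate: bytes):
    """Same decision, but the work does not depend on where the first
    mismatch lies: hmac.compare_digest is the stdlib primitive for this."""
    if len(expected) != len(candidate):
        return False, 0
    return hmac.compare_digest(expected, candidate), len(expected)


def recover_by_timing(oracle, length):
    """Adversary model: submit guesses one position at a time and keep the
    byte for which the device did the most work. Returns (recovered, queries).
    This only converges on the secret when the work leaks the matched prefix."""
    known = b""
    queries = 0
    for pos in range(length):
        best_byte, best_work = 0, -1
        for b in range(256):
            guess = known + bytes([b]) + bytes(length - pos - 1)   # pad the tail with zeros
            ok, work = oracle(guess)
            queries += 1
            if ok:
                return guess, queries
            if work > best_work:
                best_byte, best_work = b, work
        known += bytes([best_byte])
    return known, queries


def demo():
    """Run the adversary against both comparison routines guarding SECRET."""
    leaky = lambda guess: early_exit_compare(SECRET, guess)
    hardened = lambda guess: constant_time_compare(SECRET, guess)
    return {
        "leaky": recover_by_timing(leaky, len(SECRET)),
        "hardened": recover_by_timing(hardened, len(SECRET)),
    }


if __name__ == "__main__":
    result = demo()
    print("early-exit compare    ->", result["leaky"][0].hex(), "after", result["leaky"][1], "queries")
    print("constant-time compare ->", result["hardened"][0].hex(), "after", result["hardened"][1], "queries")
```

Against the early-exit compare the adversary recovers the whole value in about a thousand queries, where a blind search of a 4-byte value would need up to 2^32; against the constant-time compare every query does the same work, so the loop learns nothing and ends on an arbitrary value. A real device is measured with an oscilloscope or a power probe rather than a counter, but the defence is the same: make the work done independent of the secret.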
5.2.4 Manipulation
Manipulation involves the unauthorized sending to the device of a sequence of inputs, varying the external
inputs to the device (such as power or clock signals), or subjecting the device to other environmental stresses
so as to cause the disclosure of sensitive information or to obtain a service in an unauthorized manner. An
example of this would be causing the device to enter its “test mode”, in order that sensitive information could
be disclosed or the device integrity manipulated.
5.2.5 Modification
Modification is the unauthorized alteration of the logical or physical characteristics of the device, e.g. inserting
or overlaying a PIN-disclosing “bug” in, or on, a PIN pad between the point of PIN entry and the point of PIN
encryption. The purpose of modification is to alter the device rather than to immediately disclose information
contained within the device. Following modification, the device shall be made (or shall remain) operational, in
order for the attack to be successful. The unauthorized replacement of a cryptographic key contained within a
device is a form of modification.
5.2.6 Substitution
Substitution is the unauthorized replacement of one device with another. The replacement device might be a
look-alike “counterfeit” or emulating device, having all or some of the correct logical characteristics plus some
unauthorized functions, such as a PIN-disclosing bug. The replacement device might also be a
once-legitimate device that has been subject to unauthorized modifications and then substituted for another
legitimate device.
Substitution may include removal of the device in order to perform a penetration or modification attack in an
environment better suited to such attacks. Substitution can be seen as a special case of modification in which
the adversary does not actually modify the target device, but instead replaces it with a modified substitute.
5.3 Defence measures
5.3.1 General
To defend against the attack scenarios discussed above, three factors work together to provide the security
required:
⎯ device characteristics;
⎯ device management;
⎯ environment.
While in some cases a single factor, e.g. device characteristics, may be dominant, the normal situation is that
all factors are necessary to achieve the desired result.
5.3.2 Device characteristics
SCDs are designed and implemented with logical and physical security so as to deter attack scenarios such
as those described in 5.2.
Physical security characteristics can be subdivided into three classes:
⎯ tamper evidence characteristics;
⎯ tamper resistance characteristics;
⎯ tamper response characteristics.

Physical implementations are usually a combination of these three classes of characteristics. Other physical
security characteristics may be required to defend against other passive attacks, such as monitoring. Physical
security characteristics may also help defend against modification or substitution.
The intent of tamper evidence is to provide evidence that an attack has been attempted and may or may not
have resulted in the unauthorized disclosure, use or modification of the sensitive information. The disclosure
of an attempted attack could be in the form of physical evidence, such as damage to the external casing. The
evidence could also be that the device is no longer in its expected location.
The intent of tamper resistance is to block attacks by employing passive barriers or logical design features.
Barriers are usually single purpose and are designed to block a particular threat, such as a penetration attack.
The logical protection measures are designed typically to prevent the leakage of sensitive information, or to
prevent the illicit modification of system or application software.
The intent of tamper response is to employ active mechanisms against attacks. The active protection
mechanisms are triggered when the device detects abnormal operating conditions and they are intended to
alter protected information into an unusable form.
The implementation of the various protection characteristics is dependent on the designer's knowledge and
experience of known attacks against the particular implementation. For that reason, attacks against tamper
characteristics are usually directed to discovering which, if any, of the known threats the implementer failed to
address. The attacker will also attempt to discover new attacks that are likely to be unknown to the
implementer. Evaluation of the security of an SCD is difficult and not conclusive, in that the evaluation
normally only proves that the design successfully blocks attacks known to the evaluator at the time of the
evaluation, but does not, or cannot, evaluate resistance to unknown attacks.
5.3.3 Device management
Device management refers to the external controls placed on the device during its life cycle and by its
environments (see Clause 7). These controls include:
⎯ external key management methods,
⎯ security practices, and
⎯ operational procedures.
The security level may change during the device life cycle. A primary objective of device management is to
ensure that device characteristics are not subject to unauthorized alteration during the life of the device.
5.3.4 Environment
The objective of environment security is to control access to the SCD and its services, thus preventing, or at
least detecting, attacks on the SCD. Throughout its life cycle, an SCD will reside in a variety of environments
(see Clause 7). These environments may be characterized as ranging from highly controlled to minimally
controlled. A highly controlled environment is one that includes constant surveillance by trusted individuals,
while a minimally controlled environment may not include any special environmental security supplements. If
the security of an SCD is dependent on some function of a controlled environment, it shall be satisfactorily
proven that the controlled environment actually provides this function.
6 Requirements for device security characteristics
6.1 Introduction
Device characteristics of an SCD may be categorized as either physical or logical, as described below.
⎯ Physical characteristics are the physical components that comprise the SCD and the way the device is
constructed using those components.
⎯ Logical characteristics are the way that inputs are processed to produce device outputs or to change
logical state.
The SCD shall have characteristics that ensure the device or its interface does not compromise any sensitive
data which is input to or output from the device, or stored or processed in the device.
Where the SCD is operated in a controlled environment, the requirements for device characteristics may rely
on the protection provided by the controlled environment and the management of the device.
6.2 Physical security requirements for SCDs
6.2.1 General
An SCD shall be so designed that any failure of a component in the device, or use of that component outside
the device specification, does not result in the disclosure or undetected modification of sensitive data.
An SCD shall be so designed and constructed that any unauthorized access to, or modification of, sensitive
data (including device software) that are input, stored or processed in it, necessitates physical penetration of
the device.
NOTE 1 It is advisable that an SCD should be so designed and constructed that any additions of external devices
which intercept or substitute data input to or output from the SCD for the purpose of masquerade have a high probability of
being detected and/or recognized as not being part of a correct device.
When an SCD is designed to permit access to internal areas, e.g. for maintenance, if such access could
compromise security, it shall have a mechanism so that such access causes immediate erasure of all
cryptographic keys and other sensitive data if compromise cannot otherwise be prevented.
NOTE 2 For the purposes of this part of ISO 13491, maintenance covers the following three states of the device:
⎯ service: up-keep of the device to ensure its operational condition;
⎯ inspection: physical inspection of the device and assessment of its actual condition;
⎯ repair: reinstatement of the device to its operational condition.
The SCD and its data entry functions shall be, by design, construction and/or deployment, capable of being
shielded from direct and indirect monitoring such that no feasible attack will result in compromise of any secret
or sensitive data.
The integrity of each tamper protection mechanism shall be ensured. This may be accomplished through the
use of additional tamper protection mechanisms, i.e. a layered defence.
6.2.2 Tamper evidence requirements
6.2.2.1 If a device claims to rely on tamper evidence characteristics to defend against substitution,
penetration or modification attacks, the manner in which the device defends against the attacks shall be as
described in 6.2.2.2 to 6.2.2.4 below.

6.2.2.2 Substitution
To protect against substitution with a forged or compromised device, the device shall be so designed that it is
not practical for an attacker to construct a duplicate from commercially available components which can
reasonably be mistaken for a genuine device.
6.2.2.3 Penetration
To ensure that penetration of an SCD is detected, the device shall be so
designed and constructed that any successful penetration shall require that the device be subject to physical
damage or prolonged absence from its authorized location, such that the device cannot be placed back into
service without a high probability of detection when returned to operational use.
6.2.2.4 Modification
To ensure that modification of an SCD is detected, the device shall be so
designed and constructed that any successful modification shall require that the device be subject to physical
damage or prolonged absence from its authorized location, such that the device cannot be placed back into
service without a high probability of detection when returned to operational use.
6.2.3 Tamper resistance requirements
6.2.3.1 If a device claims to rely on tamper resistance characteristics to defend against penetration,
modification, monitoring or substitution/removal attacks, the manner in which the device defends against the
attacks shall be as described in 6.2.3.2 to 6.2.3.5 below.
6.2.3.2 Penetration
An SCD shall be protected against successful penetration by being tamper
resistant to such a degree that its passive resistance is sufficient to make penetration infeasible both in its
intended environment and when taken to a specialized facility, where it would be subjected to penetration
attempts by specialized equipment.
6.2.3.3 Modification
The unauthorized modification of any key or other sensitive data stored within
the SCD, or the placing within the SCD of a tap (e.g. active, passive, radio) to record such sensitive data, shall
not be possible unless the SCD be taken to a specialized facility and at this facility be subject to damage such
that the SCD is rendered inoperable.
6.2.3.4 Monitoring
Monitoring shall be countered by using tamper resistant device characteristics.
The passive physical barriers shall include the following:
⎯ shielding against electromagnetic emissions, such that no sensitive information could feasibly be
disclosed by monitoring the device;
⎯ privacy shielding, such that during normal operation, sensitive information entered will not be easily
observable to other persons (e.g. the device could be designed and installed so that the device can be
shielded from monitoring by the user’s own body).
Where parts of the device cannot be appropriately protected from monitoring, these parts of the device shall
not store, transmit or process sensitive data.
The device shall be designed and constructed in such a way that any unauthorized additions to the device,
intended to monitor it for sensitive data, shall have a high probability of being detected before such monitoring
can occur.
6.2.3.5 Substitution/Removal
If protection against substitution/removal is required, the device shall
be secured in such a manner that it is not economically feasible to remove the device from its intended place
of operation.
6.2.4 Tamper response requirements
6.2.4.1 Where an SCD employs a tamper response mechanism, the integrity of the mechanism shall be
ensured by employing tamper response characteristics and/or tamper resistant characteristics.
If a device claims to rely on tamper response characteristics to defend against penetration, modification or
substitution/removal attacks, the manner in which the device defends against the attacks shall be as
described in 6.2.4.2 to 6.2.4.4 below.
6.2.4.2 Penetration
A device that claims tamper response characteristics shall be designed and
constructed to ensure that penetration of the device results in the immediate and automatic erasure of all keys
and other sensitive data and all useful residues of sensitive data.
6.2.4.3 Modification
A device that claims tamper response characteristics shall be designed to detect
any unauthorized modification and shall cause the immediate and automatic erasure of all keys and other
sensitive data and all useful residues of such sensitive data.
6.2.4.4 Substitution/Removal
Removal of the device can be the first step to an attack when taken
out of its operating environment. Therefore, if the security of the device depends on the operating environment,
the unauthorized movement of the device shall cause the immediate and automatic erasure of all keys and
other sensitive data and all useful residues of such sensitive data.
6.2.5 Physically secure devices
A physically secure device is a hardware device which cannot be feasibly penetrated or manipulated to
disclose all or part of any cryptographic key, PIN or other secret value resident within the device.
Penetration of the device shall cause the automatic and immediate erasure of all PINs, cryptographic keys
and other secret values and all useful residues of those contained within the device, i.e. the device has tamper
response characteristics.
A device shall only be operated as a physically secure device when it can be assured that the device’s internal
operation has not been modified to allow penetration (e.g. the insertion within the device of an active or
passive “tapping” mechanism).
6.2.6 Devices using exclusively unique key per transaction key management
Key management techniques exist where penetration of an SCD does not permit the determination of any key
or other sensitive data used by the device for any previous transaction, given the knowledge of all data stored
within the device as well as any relevant data that has ever existed outside the device, except within another
SCD, e.g. a key loading device. Devices that exclusively use these key management techniques may have
reduced tamper protection requirements, providing that the unauthorized determination of the secret data (e.g.
PINs and keys) stored within the SCD, or the placing within the device of a “tap” to record secret data, shall
require that the device be taken to a specialized facility and either:
⎯ be unavailable for a sufficiently long time, such that there is a high probability that its absence from its
operational location is detected, and/or
⎯ be subjected to physical damage at this facility, such that the device cannot be placed back in service
without a high probability of the tampering being detected: furthermore, the determination of secret data
or the placing of a “tap” within the device shall require specialized equipment and skills, which are not
generally available.
Devices that do not exclusively use these key management techniques shall be physically secure devices, as
defined in 6.2.5.
The logical security features of the SCD shall ensure that any working keys stored within a device are not
themselves directly loaded into the device. Rather, the working keys are created within the device by
irreversibly transforming the keying material, which is directly loaded into the device. The directly loaded
keying material shall not be stored within the device. This will ensure that compromised working keys cannot
be used in other SCDs.
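As an added illustration of the 6.2.6 property (constructed for this edit, not the standard's own text nor any product's key scheme): loaded keying material is transformed one-way and not retained, each transaction key is derived from a forward-only ratchet state, and the derivation is bound to the device serial so a compromised working key is not usable in another SCD. The class, the HMAC labels and the attacker model are assumptions.

```python
import hmac
import hashlib

# Constructed model of the 6.2.6 property (not the standard's own algorithm and
# not a particular product's key scheme): loaded keying material is transformed
# one-way, never retained, and each transaction key is derived from a ratchet
# state that only moves forward.

def _prf(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()

class UniqueKeyPerTransactionSCD:
    def __init__(self, device_serial: bytes):
        self.serial = device_serial
        self._state = None      # the only key material the device keeps
        self.counter = 0

    def load_keying_material(self, keying_material: bytes) -> None:
        # Binding to the serial means the same loaded material yields different
        # working keys in a different SCD, so a compromised key is not reusable.
        self._state = _prf(keying_material, b"init|" + self.serial)
        # keying_material itself is deliberately not stored anywhere.

    def next_working_key(self) -> bytes:
        if self._state is None:
            raise RuntimeError("no keying material loaded")
        working = _prf(self._state, b"working|" + self.counter.to_bytes(4, "big"))
        self._state = _prf(self._state, b"ratchet")   # overwrite: one-way step
        self.counter += 1
        return working

    def stored_data(self) -> dict:
        """Everything an attacker obtains by penetrating the device now."""
        return {"serial": self.serial, "state": self._state, "counter": self.counter}

def previous_keys_recoverable(stored: dict, past_keys: list) -> bool:
    """Attacker model: with all stored data in hand, run the derivation forward
    and check whether any earlier working key is ever reproduced."""
    state, ctr = stored["state"], stored["counter"]
    for _ in range(len(past_keys) + 2):
        if _prf(state, b"working|" + ctr.to_bytes(4, "big")) in past_keys:
            return True
        state, ctr = _prf(state, b"ratchet"), ctr + 1
    return False
```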
6.3 Logical security requirements for SCDs
6.3.1 Dual control
Where a requirement for dual or multiple control is stated below, the requirement for logical security device
characteristics is that the device shall provide facilities which support the secure implementation of dual or
multiple control.
6.3.2 Unique key per device
To limit the impact of a private key compromise, the private key of an SCD shall be unique to that device.
To limit the impact of a secret key compromise, the secret keys used by a pair of communicating SCDs shall
be unique, except by chance, to that pair of SCDs.
As a consequence of the above requirements, each PIN entry device within a population of such devices shall
have unique keys, except by chance.
NOTE In support of load balancing and disaster recovery processes, a collection of SCDs can employ a common key
where all devices within that collection are used strictly for a single common purpose, e.g. host security modules and key
loading devices.
6.3.3 Assurance of genuine device
The provision of a genuine, uncompromised device shall be assured by device management. Where a device
possesses tamper response characteristics, this may be accomplished by delivering the device with secret
information installed (e.g. a key or password) which enables the recipient to ascertain that the device is
genuine and not compromised.
6.3.4 Design of functions
The function set of an SCD shall be so designed that no single function, nor any combination of functions, can
result in disclosure of sensitive data, except as explicitly allowed by the security scheme used. Care shall be
taken to ensure that legitimate functions cannot be used to disclose sensitive information. Therefore,
protection against exhaustive searches is needed. When the environment does not provide this protection, it
shall be provided by device characteristics.
The following methods are examples of how this can be achieved:
⎯ internal monitoring of statistics, e.g. so that only some given fraction of incorrect PIN verifications are
permitted;
⎯ imposing a minimum time interval between function calls that could otherwise facilitate an exhaustive search.
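Both 6.3.4 example methods in one constructed PIN verification guard (added here; not the standard's text nor any vendor's implementation): a minimum interval between calls and a ceiling on the fraction of incorrect verifications, after which verification is refused. The class name, thresholds and injectable clock are assumptions.

```python
import hmac
import time

class PinVerifier:
    """Constructed model of 6.3.4 exhaustive-search protection.

    min_interval:      minimum seconds between verification calls
    max_fail_fraction: once attempts >= warmup, verification is refused when
                       failures / attempts exceeds this fraction
    """

    def __init__(self, reference_pin: str, min_interval: float = 0.5,
                 max_fail_fraction: float = 0.3, warmup: int = 10,
                 clock=time.monotonic):
        self._reference = reference_pin.encode()
        self.min_interval = min_interval
        self.max_fail_fraction = max_fail_fraction
        self.warmup = warmup
        self._clock = clock          # injectable for testing
        self._last_call = None
        self.attempts = 0
        self.failures = 0

    def verify(self, candidate: str) -> str:
        """Return 'ok', 'wrong', 'too_fast' or 'locked'."""
        now = self._clock()
        # Method 2: enforce a minimum interval; a too-fast call is not verified
        # at all, so it neither consumes nor resets the timer.
        if self._last_call is not None and now - self._last_call < self.min_interval:
            return "too_fast"
        self._last_call = now
        # Method 1: statistics monitoring; refuse once too many were incorrect.
        if self.attempts >= self.warmup and \
                self.failures / self.attempts > self.max_fail_fraction:
            return "locked"
        self.attempts += 1
        if hmac.compare_digest(candidate.encode(), self._reference):
            return "ok"
        self.failures += 1
        return "wrong"
```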
6.3.5 Use of cryptographic keys
An SCD shall enforce a key separation scheme, such that no key can be used for any purpose but its single
intended purpose (see ISO 11568-2 and ISO 11568-4).
The key generation methods of an SCD shall comply with ISO 11568-2 or ISO 11568-4.
An SCD shall implement only key management schemes that comply with the principles outlined in
ISO 11568-1.
6.3.6 Sensitive device states
If an SCD can be put into a “sensitive state”, i.e. a state that allows functions which are normally not permitted
(such as manual loading of plaintext cryptographic keys into a device that already has operational keys), then
such a transition shall require dual control via a secure operator interface.
NOTE An SCD need not necessarily be put into a sensitive state in order to perform initial loading of plaintext
cryptographic keys.
Activation of a tamper response mechanism shall not put the SCD into a sensitive state.
If passwords or other plaintext data are used to control transition to a sensitive state, then the input of such
passwords shall be protected.
To minimize the risks of unauthorized use of sensitive functions, the sensitive state shall be established with
one or more limits on its use (e.g. the number of function calls and a time limit). After the first of these limits is
reached, the device shall immediately and automatically return to its normal state.
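A constructed state controller for 6.3.6 (added illustration, not the standard's text nor a product's code): entry to the sensitive state needs two distinct operators, the state carries a call-count limit and a time limit, the first limit reached returns the device to normal, and a tamper response erases keys without ever leaving the device sensitive. Names, limits and the injectable clock are assumptions.

```python
import time

class SensitiveStateController:
    """Constructed model of the 6.3.6 sensitive state and its limits."""

    def __init__(self, max_calls: int, time_limit: float, clock=time.monotonic):
        self.max_calls = max_calls
        self.time_limit = time_limit
        self._clock = clock
        self.state = "normal"
        self._entered_at = None
        self._calls = 0
        self.keys_erased = False

    def enter_sensitive(self, operator_ids: set) -> bool:
        # Dual control: two different operators must authorize the transition.
        if self.keys_erased or len(operator_ids) < 2:
            return False
        self.state = "sensitive"
        self._entered_at = self._clock()
        self._calls = 0
        return True

    def _return_to_normal_if_limit_reached(self) -> None:
        if self.state != "sensitive":
            return
        if (self._calls >= self.max_calls
                or self._clock() - self._entered_at >= self.time_limit):
            self.state = "normal"   # first limit reached: leave immediately

    def load_plaintext_key(self, key: bytes) -> bool:
        """A function permitted only while the device is sensitive."""
        self._return_to_normal_if_limit_reached()
        if self.state != "sensitive":
            return False
        self._calls += 1
        self._return_to_normal_if_limit_reached()
        return True

    def tamper_response(self) -> None:
        # Erase keys; a tamper response must not leave the SCD sensitive.
        self.keys_erased = True
        self.state = "normal"
```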
6.3.7 Multiple cryptographic relationships
Where multiple cryptographic relationships are to be maintained in a device (e.g. a multi-acquirer PIN pad),
the selection of cryptographic key sets for encipherment of sensitive data (e.g. PINs) shall be controlled so
that there is no feasible way to select the incorrect key set deliberately or by accident. In this situation, the
source and path of data used to select a cryptographic key set shall be physically or logically protected.
6.3.8 SCD software authentication
The SCD shall support a mechanism that ensures that only software approved by the controller can be loaded
and installed in the SCD.
NOTE Examples of acceptable methods include generating a cryptographic check value for the software or
enciphering the software. Any keys used for this operation need to be managed by the controller or their agent.
6.3.9 Logical design features
Logical design features shall include the following:
⎯ measures to prevent the successful discovery of keying material through monitoring external connections
to the device (e.g. protection against differential power analysis and timing attacks);
⎯ measures to prevent the cost-effective discovery of sensitive information, such as PINs, through
exhaustive search.
7 Requirements for device management
7.1 General
The security of an SCD depends not only upon the characteristics of the device, but also upon the
characteristics of the environment in which the device is located. Device management may therefore be
viewed as requirements imposed on the device’s environment. The device shall be subject to appropriate
auditing and controls that are applied at each phase of the device’s life cycle. If this were not done, the device
might be subject, in one or more phases of its life cycle, to the attack scenarios identified earlier.
Depending on where the device is in its life cycle, it may be sufficient to rely on detection of compromise, or it
may be necessary to prevent compromise. The method for compromise detection or prevention can also vary
depending on the life cycle phase of the device.
7.2 Life cycle phases
A life cycle phase is a result of a change in either the environment and/or the state of the device. Different
SCDs can have substantially different life cycles. Figure 1 presents a generalized device life cycle, indicating
the possible phases in the life of an SCD and the events that cause a transition from one phase to the next. It
is important to distinguish between these phases because the protection requirements for the device, as well
as the means of providing protection, may change as the device moves from one life cycle phase to another.

Figure 1 — Device life-cycle state diagram
For the purpose of this part of ISO 13491, the phases of the life cycle are defined for the security sensitive
portions of the device as follows:
⎯ manufacturing/repair: the design, construction, repair, upgrade and testing of a device so that it
incorporates the intended functional and physical characteristics of that device;
⎯ post-manufacturing: phase consisting of the transport and storage of t
...