
JR/T 0025.17-2013 PDF English

JR/T 0025.17-2013: China financial integrated circuit card specifications. Part 17: Enhanced debit/credit application security specification
Status: Obsolete



---This is an excerpt. The full copy of the English version can be purchased online: https://www.ChineseStandard.net/PDF.aspx/JRT0025.17-2013
JR FINANCIAL INDUSTRY STANDARD
ICS 35.240.40
A 11
Registration number.
China financial integrated circuit card specifications – Part 17: Enhanced debit/credit application security specification
Issued on: FEBRUARY 05, 2013
Implemented on: FEBRUARY 05, 2013
Issued by: People’s Bank of China

Table of Contents

Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Symbols and abbreviations
5 Offline data authentication
6 Application of cryptogram and issuer authentication
7 Security message
8 Security mechanism
9 Approved algorithms
10 Algorithm selection and transaction process
11 PIN change/unlock command data calculation method
Appendix A (Normative) Algorithm identifier
References

1 Scope

This part is an enhancement to JR/T 0025.7. It mainly describes the security feature requirements of the debit/credit application based on the SM2, SM3 and SM4 algorithms, together with the security mechanisms and approved encryption algorithms used to achieve these security features. These include the IC card offline data authentication methods based on SM2 and SM3, and the SM4-based communication security between the IC card and the issuer.

This part applies to the security-related equipment, cards, terminals, management, etc., of financial debit/credit card applications issued or accepted by banks. Its intended users are mainly the departments (units) involved in the design, manufacture, management and issuance of cards, terminals and encryption devices, in the research, development, integration and maintenance of application systems, and other departments (units) related to the application of the financial debit/credit IC card.

2 Normative references

The following documents are essential to the application of this document. For dated documents, only the version with the indicated date applies to this document; for undated documents, only the latest version (including all amendments) applies to this document.

JR/T 0025.4 China financial integrated circuit card specifications - Part 4: Debit/credit application overview
JR/T 0025.5 China financial integrated circuit card specifications - Part 5: Debit/credit application card specification
JR/T 0025.7 China financial integrated circuit card specifications - Part 7: Debit/credit application security specification
GM/T 0002 SM4 block cipher algorithm
GM/T 0003 Public key cryptographic algorithm SM2 based on elliptic curves

3 Terms and definitions

The following terms and definitions apply to this document.

3.1 Application
Application protocols and related data sets between cards and terminals.

3.2 Command
A message sent from the terminal to the IC card that initiates an operation or requests a response.

3.3 Cryptogram
Encryption operation results.

3.4 Financial transaction
Information exchange, clearing and settlement of funds between cardholders, issuers, merchants and acquirers due to the exchange of goods or services between cardholders and merchants.

3.5 Integrated circuit (IC)
Electronic devices with processing and/or storage capabilities.

4 Symbols and abbreviations

The following symbols and abbreviations apply to this document.

5 Offline data authentication

5.1 Static data authentication (SDA)

5.1.1 Key and certificate
The certificate authority uses the certificate authority private key SCA to sign the data specified in Table 1 using the SM2 algorithm to obtain the issuer public key certificate in the format shown in Table 4.

5.2 Dynamic data authentication (DDA)

5.2.1 Key and certificate
The certificate authority uses the certificate authority private key SCA to sign the data specified in Table 1 using the SM2 algorithm, to obtain the issuer public key certificate in the format shown in Table 4.

5.2.2 Issuer public key acquisition
See 5.1.2.

5.2.3 IC card public key acquisition
The IC card public key certificate data as obtained by the terminal is as shown in Table 8. The public key of the IC card is included in the IC card public key certificate in the form of plain text, and the terminal verifies the signature field in the IC card public key certificate with the public key of the issuer. If the verification is passed, the public key information is extracted from the IC card public key certificate.

5.2.4 Standard dynamic data authentication

5.2.4.1 Dynamic signature generation
Use of SM2 algorithm to generate dynamic signature is in accordance with the following steps.

5.2.5 Combined dynamic data authentication/application cryptogram generation (CDA)

5.2.5.1 Generation of dynamic signatures
IC card uses SM2 algorithm to generate dynamic signature, combined dynamic signature, and application cryptogram generation in accordance with the following steps.

6 Application of cryptogram and issuer authentication

6.1 Application cryptogram generation

6.1.1 Data source selection
See JR/T 0025.7.

6.1.2 Application cryptogram algorithm
Using a single 16-byte IC card application cryptogram (AC) unique key MKAC and the data source described in clause 6.1.1 as the input, the 8-byte application cryptogram is calculated in the following two steps.

6.2 Issuer authentication
The 8-byte authorized response cryptogram ARPC is generated by encrypting the 8-byte ARQC and the 2-byte authorization response code ACR, which is generated in clause 8.1.2, in accordance with the symmetric encryption algorithm specified in clause 11.1.2, using the 16-byte application cryptogram process key SKAC (see clause 8.1.2). The encryption steps are as follows.

7 Security message

7.1 Message integrity and verification

7.1.1 MAC process key generation
The first step in security message MAC generation consists of dispersing the unique 16-byte security message authentication code (MAC) unique key and the 2-byte ATC from the IC card to obtain a unique 16-byte security message authentication code (MAC) process key. The process key generation method is as shown in clause 8.1.3.

7.2 Message privacy

7.2.1 Encryption process key generation
The first step in security message encryption/decryption consists of dispersing the unique 16-byte security message encryption unique key and the 2-byte ATC from the IC card to obtain a unique 16-byte encryption process key. The process key generation method is as shown in clause 8.1.3.

8 Security mechanism

8.1 Symmetric encryption mechanism

8.1.1 Encryption and decryption
Encryption of data uses a 16-byte grouping encryption algorithm, either in electronic code book (ECB) mode or cipher block chaining (CBC) mode. JR/T 0025 uses ECB mode as encryption and decryption mode. The procedure for encrypting message MSG of any length with encryption process key Ks is as follows.

8.1.3 Process key generation
MAC and data encryption process key generation is as follows.

8.2.1 This part uses the GM/T 0003 elliptic curve algorithm for digital signature algorithm.

9 Approved algorithms

9.1 Symmetric encryption algorithm
The symmetric encryption algorithm used in this part is the SM4 algorithm, and the algorithm is defined in GM/T 0002.

9.2 Asymmetric algorithm
The asymmetric algorithm used in this part is the SM2 algorithm, and the algorithm is defined in GM/T 0003.

......

Source: Above contents are excerpted from the full-copy PDF -- translated/reviewed by: www.ChineseStandard.net / Wayne Zheng et al.


      
