HOME   Cart(0)   Quotation   About-Us Tax PDFs Standard-List Powered by Google www.ChineseStandard.net Database: 189760 (7 Dec 2024)

JR/T 0025.17-2013 English PDF

JR/T 0025.17-2013 (JR/T0025.17-2013, JRT 0025.17-2013, JRT0025.17-2013)
Standard IDContents [version]USDSTEP2[PDF] delivered inStandard Title (Description)StatusPDF
JR/T 0025.17-2013English160 Add to Cart 0--9 seconds. Auto-delivery China financial integrated circuit card specifications. Part 17: Enhanced debit/credit application security specification Obsolete JR/T 0025.17-2013
Preview PDF: JR/T 0025.17-2013

BASIC DATA
Standard ID JR/T 0025.17-2013 (JR/T0025.17-2013)
Description (Translated English) China financial integrated circuit card specifications. Part 17: Enhanced debit/credit application security specification
Sector / Industry Finance Industry Standard (Recommended)
Classification of Chinese Standard A11
Classification of International Standard 35.240.40
Word Count Estimation 32,358
Quoted Standard JR/T 0025.4; JR/T 0025.5; JR/T 0025.7; GM/T 0002; GM/T 0003; GM/T 0004; GM/T AAAA
Drafting Organization People's Bank of China
Administrative Organization National Financial Standardization Technical Committee
Regulation (derived from) Industry standard filing Notice No. 5 of 2013 (No. 161 overall)
Summary This standard specifies based SM2, SM3, SM4 algorithm debit/credit application security functional requirements and security mechanisms to achieve these security features involved and allowed the use of encryption algorithms, including: Based on the SM2,


JR/T 0025.17-2013 JR FINANCIAL INDUSTRY STANDARD OF THE PEOPLE’S REPUBLIC OF CHINA ICS 35.240.40 A 11 Registration number. China financial integrated circuit card specifications – Part 17. Enhanced debit/credit application security specification ISSUED ON. FEBRUARY 05, 2013 IMPLEMENTED ON. FEBRUARY 05, 2013 Issued by. People’s Bank of China Table of Contents Foreword ... 4  Introduction ... 6  1 Scope ... 7  2 Normative references ... 7  3 Terms and definitions ... 8  4 Symbols and abbreviations ... 10  5 Offline data authentication ... 13  5.1 Static data authentication (SDA) ... 13  5.2 Dynamic data authentication (DDA) ... 16  6 Application of cryptogram and issuer authentication ... 25  6.1 Application cryptogram generation ... 25  6.2 Issuer authentication ... 27  7 Security message ... 29  7.1 Message integrity and verification ... 29  7.2 Message privacy ... 29  8 Security mechanism ... 30  8.1 Symmetric encryption mechanism ... 30  8.2 Asymmetric cryptography mechanism ... 34  9 Approved algorithms ... 36  9.1 Symmetric encryption algorithm ... 36  9.2 Asymmetric algorithm ... 36  9.3 Hash algorithm ... 36  10 Algorithm selection and transaction process ... 36  10.5 qPBOC application process ... 42  10.6 Initialization of personalization related key ... 44  11 PIN change/unlock command data calculation method ... 45  11.1 Change PIN value using current PIN ... 45  11.2 Change PIN value without using current PIN ... 46  Appendix A (Normative) Algorithm identifier ... 47  References ... 49  Foreword JR/T 0025 “China financial integrated circuit card specifications” is divided into the following parts. - Part 1. Electronic purse/electronic deposit application card specification (abolished); - Part 2. Electronic purse/electronic deposit application specification (abolished); - Part 3. Specification on application independent ICC to terminal interface requirements; - Part 4. Debit/credit application overview; - Part 5. Debit/credit application card specification; - Part 6. Debit /credit application terminal specification; - Part 7. Debit/credit application security specifications; - Part 8. Contactless specification independent of application; - Part 9. Electronic purse comprehensive application guide (abolished); - Part 10. Debit/credit card personalization guide; - Part 11. Contactless integrated circuit card communication specification; - Part 12. Contactless integrated circuit card payment specification - Part 13. Low-value payment specifications based on debit/credit application; - Part 14. Comprehensive application specification based on contactless low-value payment application; - Part 15. Electronic cash dual-currency payment specification; - Part 16. IC card internet terminal specification; - Part 17. Enhanced debit/credit application security specification. This part is part 17 of JR/T 0025. This part was drafted in accordance with the rules given in GB/T 1.1-2009. This part was proposed by the People's Bank of China. This part shall be under the jurisdiction of the National Financial Standardization Technical Committee (SAC/TC 180). The main drafting organizations of this part. the People's Bank of China, the State Password Authority Commercial Code Management Office, China PLA General Political Department 3rd Branch, Industrial and Commercial Bank of China, China Construction Bank, China Postal Savings Bank, China UnionPay Co., Ltd., China Financial Electronics, China Financial Certificate authority, Bank Card Testing Center, Beijing CEC Huada Electronic Design Co., Ltd., Beijing NJA Information Technology Co., Ltd., Beijing Jiangnan Tian’an Technology Co., Ltd., Beijing Huada Information Technology Co., Ltd., Beijing Huada Zhibao Electronics Co., Ltd., Shanghai Koal Software Co., Ltd., Aerospace Information Co., Ltd. The main drafters of this part. Wang Yonghong, Li Xiaofeng, Lu Shuchun, Pan Runhong, Du Ning, Chen Zendong, Wu Xiaoguang, An Xiaolong, Xie Yongquan, Liu Ping, Xu Zhizhong, Chen Fang, Tang Yang, Yan Weifeng, Li Dongfeng, Zhao Yu, Li Chunhuan, Zhang Dong, Tang Qinying, Zhong Qi, Shi Haiping, Li Yifan, Shi Dapeng, Li Jianfeng, Li Xin, Chen Zhenyu, Zheng Yuanlong, Dong Haoran, Han Xiaoxi, Li Guo, Wang Chaohui, Chen Yue, Tan Wuzheng, Luo Shixin. This part is the first release. Introduction This part is an extension to JR/T 0025.7 to support the use of cryptographic algorithms such as SM2, SM3 and SM4 in debit/credit applications. This part introduces the certificate authority, the issuer and IC card using the SM2 algorithm for digital signature, the use of SM3 algorithm to calculate the hash value, the use of SM4 algorithm for data encryption and secure message calculation. China financial integrated circuit card specifications - Part 17. Enhanced debit/credit application security specification 1 Scope This part as an enhancement to JR/T 0025.7, mainly describes the debit/credit application security features requirements based on SM2, SM3, SM4 algorithm, and the security mechanism and approved encryption algorithm to achieve these security features, including IC card offline data authentication methods based on SM2 and SM3, communication security between SM4-based IC card and issuer, and security mechanisms and encryption algorithms involved in implementing these security features. This part applies to the security-related equipment, card, terminal machine, and management, etc., of the financial debit/credit card application issued or accepted by the bank. The objective user is mainly the card, terminal and encryption device design, manufacture, management, issuance, application system research, development, integration and maintenance, and other departments (units) related to the application of the financial debit/credit IC card. 2 Normative references The following documents are essential to the application of this document. For the dated documents, only the versions with the dates indicated are applicable to this document; for the undated documents, only the latest version (including all the amendments) are applicable to this Standard. JR/T 0025.4 China financial integrated circuit card specifications - Part 4. Debit/credit application overview JR/T 0025.5 China financial integrated circuit card specifications - Part 5. Debit/credit application card specification JRIT 0025.7 China financial integrated circuit card specifications - Part 7. Debit/credit application security specification GM/T 0002 SM4 block cipher algorithm GM/T 0003 Public key cryptographic algorithm SM2 based on elliptic curves GM/T 0004 SM3 password hashing algorithm GM/T AAAA SM2 password algorithm using specifications 3 Terms and definitions The following terms and definitions apply to this document. 3.1 Application Application protocols and related data sets between cards and terminals. 3.2 Command A message sent from the terminal to the IC card that initiates an operation or requests a response. 3.3 Cryptogram Encryption operation results. 3.4 Financial transaction Information exchange, clearing and settlement of funds between cardholders, issuers, merchants and acquirers due to the exchange of goods or services between cardholders and merchants. 3.5 Integrated circuit (IC) Electronic devices with processing and/or storage capabilities. 3.6 Integrated circuit (s) card (ICC) A card encapsulated with one or more integrated circuits for processing and storage functions. 3.7 Interface device The part of the terminal where the IC card is inserted, including the mechanical and electrical parts in it. 3.8 Issuer action code... ......