JR/T 0025.17-2013 (JR/T0025.17-2013, JRT 0025.17-2013, JRT0025.17-2013)
Standard ID | Contents [version] | USD | STEP2 | [PDF] delivered in | Standard Title (Description) | Status | PDF |
JR/T 0025.17-2013 | English | 160 |
Add to Cart
|
0--9 seconds. Auto-delivery
|
China financial integrated circuit card specifications. Part 17: Enhanced debit/credit application security specification
| Obsolete |
JR/T 0025.17-2013
|
Preview PDF: JR/T 0025.17-2013
Standard ID | JR/T 0025.17-2013 (JR/T0025.17-2013) | Description (Translated English) | China financial integrated circuit card specifications. Part 17: Enhanced debit/credit application security specification | Sector / Industry | Finance Industry Standard (Recommended) | Classification of Chinese Standard | A11 | Classification of International Standard | 35.240.40 | Word Count Estimation | 32,358 | Quoted Standard | JR/T 0025.4; JR/T 0025.5; JR/T 0025.7; GM/T 0002; GM/T 0003; GM/T 0004; GM/T AAAA | Drafting Organization | People's Bank of China | Administrative Organization | National Financial Standardization Technical Committee | Regulation (derived from) | Industry standard filing Notice No. 5 of 2013 (No. 161 overall) | Summary | This standard specifies based SM2, SM3, SM4 algorithm debit/credit application security functional requirements and security mechanisms to achieve these security features involved and allowed the use of encryption algorithms, including: Based on the SM2, |
JR/T 0025.17-2013
JR
FINANCIAL INDUSTRY STANDARD
OF THE PEOPLE’S REPUBLIC OF CHINA
ICS 35.240.40
A 11
Registration number.
China financial integrated circuit card specifications –
Part 17. Enhanced debit/credit
application security specification
ISSUED ON. FEBRUARY 05, 2013
IMPLEMENTED ON. FEBRUARY 05, 2013
Issued by. People’s Bank of China
Table of Contents
Foreword ... 4
Introduction ... 6
1 Scope ... 7
2 Normative references ... 7
3 Terms and definitions ... 8
4 Symbols and abbreviations ... 10
5 Offline data authentication ... 13
5.1 Static data authentication (SDA) ... 13
5.2 Dynamic data authentication (DDA) ... 16
6 Application of cryptogram and issuer authentication ... 25
6.1 Application cryptogram generation ... 25
6.2 Issuer authentication ... 27
7 Security message ... 29
7.1 Message integrity and verification ... 29
7.2 Message privacy ... 29
8 Security mechanism ... 30
8.1 Symmetric encryption mechanism ... 30
8.2 Asymmetric cryptography mechanism ... 34
9 Approved algorithms ... 36
9.1 Symmetric encryption algorithm ... 36
9.2 Asymmetric algorithm ... 36
9.3 Hash algorithm ... 36
10 Algorithm selection and transaction process ... 36
10.5 qPBOC application process ... 42
10.6 Initialization of personalization related key ... 44
11 PIN change/unlock command data calculation method ... 45
11.1 Change PIN value using current PIN ... 45
11.2 Change PIN value without using current PIN ... 46
Appendix A (Normative) Algorithm identifier ... 47
References ... 49
Foreword
JR/T 0025 “China financial integrated circuit card specifications” is divided into
the following parts.
- Part 1. Electronic purse/electronic deposit application card specification
(abolished);
- Part 2. Electronic purse/electronic deposit application specification
(abolished);
- Part 3. Specification on application independent ICC to terminal interface
requirements;
- Part 4. Debit/credit application overview;
- Part 5. Debit/credit application card specification;
- Part 6. Debit /credit application terminal specification;
- Part 7. Debit/credit application security specifications;
- Part 8. Contactless specification independent of application;
- Part 9. Electronic purse comprehensive application guide (abolished);
- Part 10. Debit/credit card personalization guide;
- Part 11. Contactless integrated circuit card communication specification;
- Part 12. Contactless integrated circuit card payment specification
- Part 13. Low-value payment specifications based on debit/credit
application;
- Part 14. Comprehensive application specification based on contactless
low-value payment application;
- Part 15. Electronic cash dual-currency payment specification;
- Part 16. IC card internet terminal specification;
- Part 17. Enhanced debit/credit application security specification.
This part is part 17 of JR/T 0025.
This part was drafted in accordance with the rules given in GB/T 1.1-2009.
This part was proposed by the People's Bank of China.
This part shall be under the jurisdiction of the National Financial
Standardization Technical Committee (SAC/TC 180).
The main drafting organizations of this part. the People's Bank of China, the
State Password Authority Commercial Code Management Office, China PLA
General Political Department 3rd Branch, Industrial and Commercial Bank of
China, China Construction Bank, China Postal Savings Bank, China UnionPay
Co., Ltd., China Financial Electronics, China Financial Certificate authority,
Bank Card Testing Center, Beijing CEC Huada Electronic Design Co., Ltd.,
Beijing NJA Information Technology Co., Ltd., Beijing Jiangnan Tian’an
Technology Co., Ltd., Beijing Huada Information Technology Co., Ltd., Beijing
Huada Zhibao Electronics Co., Ltd., Shanghai Koal Software Co., Ltd.,
Aerospace Information Co., Ltd.
The main drafters of this part. Wang Yonghong, Li Xiaofeng, Lu Shuchun, Pan
Runhong, Du Ning, Chen Zendong, Wu Xiaoguang, An Xiaolong, Xie
Yongquan, Liu Ping, Xu Zhizhong, Chen Fang, Tang Yang, Yan Weifeng, Li
Dongfeng, Zhao Yu, Li Chunhuan, Zhang Dong, Tang Qinying, Zhong Qi, Shi
Haiping, Li Yifan, Shi Dapeng, Li Jianfeng, Li Xin, Chen Zhenyu, Zheng
Yuanlong, Dong Haoran, Han Xiaoxi, Li Guo, Wang Chaohui, Chen Yue, Tan
Wuzheng, Luo Shixin.
This part is the first release.
Introduction
This part is an extension to JR/T 0025.7 to support the use of cryptographic
algorithms such as SM2, SM3 and SM4 in debit/credit applications. This part
introduces the certificate authority, the issuer and IC card using the SM2
algorithm for digital signature, the use of SM3 algorithm to calculate the hash
value, the use of SM4 algorithm for data encryption and secure message
calculation.
China financial integrated circuit card specifications -
Part 17. Enhanced debit/credit
application security specification
1 Scope
This part as an enhancement to JR/T 0025.7, mainly describes the debit/credit
application security features requirements based on SM2, SM3, SM4 algorithm,
and the security mechanism and approved encryption algorithm to achieve
these security features, including IC card offline data authentication methods
based on SM2 and SM3, communication security between SM4-based IC card
and issuer, and security mechanisms and encryption algorithms involved in
implementing these security features.
This part applies to the security-related equipment, card, terminal machine,
and management, etc., of the financial debit/credit card application issued or
accepted by the bank. The objective user is mainly the card, terminal and
encryption device design, manufacture, management, issuance, application
system research, development, integration and maintenance, and other
departments (units) related to the application of the financial debit/credit IC
card.
2 Normative references
The following documents are essential to the application of this document. For
the dated documents, only the versions with the dates indicated are applicable
to this document; for the undated documents, only the latest version (including
all the amendments) are applicable to this Standard.
JR/T 0025.4 China financial integrated circuit card specifications - Part 4.
Debit/credit application overview
JR/T 0025.5 China financial integrated circuit card specifications - Part 5.
Debit/credit application card specification
JRIT 0025.7 China financial integrated circuit card specifications - Part 7.
Debit/credit application security specification
GM/T 0002 SM4 block cipher algorithm
GM/T 0003 Public key cryptographic algorithm SM2 based on elliptic curves
GM/T 0004 SM3 password hashing algorithm
GM/T AAAA SM2 password algorithm using specifications
3 Terms and definitions
The following terms and definitions apply to this document.
3.1
Application
Application protocols and related data sets between cards and terminals.
3.2
Command
A message sent from the terminal to the IC card that initiates an operation
or requests a response.
3.3
Cryptogram
Encryption operation results.
3.4
Financial transaction
Information exchange, clearing and settlement of funds between
cardholders, issuers, merchants and acquirers due to the exchange of
goods or services between cardholders and merchants.
3.5
Integrated circuit (IC)
Electronic devices with processing and/or storage capabilities.
3.6
Integrated circuit (s) card (ICC)
A card encapsulated with one or more integrated circuits for processing and
storage functions.
3.7
Interface device
The part of the terminal where the IC card is inserted, including the
mechanical and electrical parts in it.
3.8
Issuer action code...
......
|