DOCSLIB.ORG

Hardware Security Modules: Attacks and Secure Configuration

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Hardware Security Modules: Attacks and Secure Configuration Hardware Security Modules: Attacks and Secure Configuration Graham Steel Graham Steel April 2014 Graham Steel - HSM Attacks and Secure Configuration April 2014 - 2/ 56 Secure Hardware History Military: WW2 Enigma machines - captured machines used to help break codes NSA devices with explosive tamper resistance - http://www.nsa.gov/about/cryptologic_heritage/museum/ Commercial: IBM: Cryptoprocessors for mainframes - tamper-resistant switches on case ATMs (cash machines) - Encrypted PIN Pads (EPPs) and Hardware Security Modules (HSMs) Graham Steel - HSM Attacks and Secure Configuration April 2014 - 3/ 56 Secure Hardware History - 2 Cryptographic Smartcards - chip contains cryptoprocessor and keys in memory - used in SIM cards, credit cards, ID cards, transport::: Authentication tokens - generate One-Time Passwords, sometimes USB connection Trusted Platform Module (TPM) - now standard (but unused) in most PC laptops The future.. - Secure Elements in mobile phones, cars,::: Graham Steel - HSM Attacks and Secure Configuration April 2014 - 4/ 56 Example - Cash Machine Network I Introduced in the UK in the late 1960s I First modern machines (with DES) in the 70s and 80s I More than 2 million ATMs worldwide I Network is now global and ubiquitous (at least in cities) Graham Steel - HSM Attacks and Secure Configuration April 2014 - 5/ 56 Simplified Network Schematic ATM Maestro UK SocGen HSBC Graham Steel - HSM Attacks and Secure Configuration April 2014 - 6/ 56 HSMs I Manufacturers include IBM, nCipher, Thales, Utimaco, HP I Cost around $20 000 Graham Steel - HSM Attacks and Secure Configuration April 2014 - 7/ 56 A Word About Your PIN IBM 3624 method: 1. Write account number (PAN) as 0000AAAAAAAAAAAA 2. 3DES encrypt under a PDK (PIN Derivation Key), decimalise first digits 3. PIN = IPIN + Offset (modulo 10 each digit) NB: Offset NOT secure! Graham Steel - HSM Attacks and Secure Configuration April 2014 - 8/ 56 API attack example: VSM (Bond, 2001) Graham Steel - HSM Attacks and Secure Configuration April 2014 - 9/ 56 Example: Print Customer PIN {PDK1} KM PAN KM {PAN} PDK1 Secure Printer Host ! HSM : PAN, f PDK1 g Km HSM ! Printer : f PAN g PDK1 Graham Steel - HSM Attacks and Secure Configuration April 2014 - 10/ 56 Example: Send PDK to Terminal {PDK1} KM {TMK1} KM KM {PDK1} TMK1 Host ! HSM : f PDK1 g Km; f TMK1 g Km HSM ! Host : f PDK1 g TMK1 Graham Steel - HSM Attacks and Secure Configuration April 2014 - 11/ 56 Terminal Comms Key {MSG} TC KM TMK1 Graham Steel - HSM Attacks and Secure Configuration April 2014 - 12/ 56 Managing Key Types Graham Steel - HSM Attacks and Secure Configuration April 2014 - 13/ 56 Example: Enter TC key Host ! HSM : TC HSM ! Host : f TC g Km2 Graham Steel - HSM Attacks and Secure Configuration April 2014 - 14/ 56 Example: Send TC to Terminal Host ! HSM : f TC g Km2, f TMK1 g Km HSM ! Host : f TC g TMK1 Graham Steel - HSM Attacks and Secure Configuration April 2014 - 15/ 56 Attack - Step 1 Spy ! HSM : PAN HSM ! Spy : f PAN g Km2 Graham Steel - HSM Attacks and Secure Configuration April 2014 - 16/ 56 Attack - Step 2 Spy ! HSM : f PAN g Km2, f PDK1 g Km HSM ! Host : f PAN g PDK1 Graham Steel - HSM Attacks and Secure Configuration April 2014 - 17/ 56 IBM 4758 CCA API Graham Steel - HSM Attacks and Secure Configuration April 2014 - 18/ 56 CCA Types - 1 The Common Cryptographic Architecture (CCA) API uses the same ‘master key’ architecture as the VSM However, the (patented) type system is much richer Before encrypting a working key, the master key is XORed against a ‘control vector’ indicating the type of the key The control vectors are public values (they can be found in the programmers’ manual), but the master key is secret Control vectors can be composite, i.e. they may consist of a number of values XORed together Graham Steel - HSM Attacks and Secure Configuration April 2014 - 19/ 56 CCA Types - 2 Graham Steel - HSM Attacks and Secure Configuration April 2014 - 20/ 56 CCA API - Examples Encrypt Data: Host ! HSM : f d1 g km⊕data, message HSM ! Host : f message g d1 Verify PIN: Host ! HSM : f PINBlock g p1, PAN, f pdk1 g km⊕pin, OFFSET, f p1 g km⊕ipinenc HSM ! Host : yes/no Graham Steel - HSM Attacks and Secure Configuration April 2014 - 21/ 56 Bootstrapping A common problem in the use of secure hardware How to get the initial secrets onto the device (or encrypted by the device’s master key) in a secure way? A common solution is ‘separation of duty’: several members of staff are given individual parts of a secret. Each individual part is worthless, so only collusion between several staff members can expose the secret. Graham Steel - HSM Attacks and Secure Configuration April 2014 - 22/ 56 Importing Key Parts Separation of duty between e.g. 2 security officers Key k = k1 ⊕ k2 Host ! HSM : k1, TYPE HSM ! Host : f k1 g km⊕kp⊕TYPE Host ! HSM : f k1 g km⊕kp⊕TYPE, k2, TYPE HSM ! Host : f k1 ⊕ k2 g km⊕TYPE This is a tedious and expensive process, so usually used to import a ‘key encrypting key’ (f KEK g km⊕imp) Graham Steel - HSM Attacks and Secure Configuration April 2014 - 23/ 56 Importing Encrypted Keys Exported from another 4758 encrypted under KEK ⊕ TYPE Key Import: Host ! HSM : f KEY1 g KEK⊕TYPE, TYPE, f KEK g km⊕imp HSM ! Host : f KEY1 g km⊕TYPE Graham Steel - HSM Attacks and Secure Configuration April 2014 - 24/ 56 Attack (Bond, 2001) (part 1) PIN derivation key: f pdk g kek⊕pin Have key part f kek ⊕ k2 g km⊕imp⊕kp for known k2 Host ! HSM : f kek ⊕ k2 g km⊕kp⊕imp, k2 ⊕ pin ⊕ data, imp HSM ! Host : fkek ⊕ pin ⊕ datag km⊕imp Graham Steel - HSM Attacks and Secure Configuration April 2014 - 25/ 56 Attack (Bond, 2001) (part 2) Key Import Host ! HSM : f pdk g kek⊕pin, data, f kek ⊕ pin ⊕ data g km⊕imp HSM ! Host : f pdk g km⊕data Encrypt data Host ! HSM : f pdk g km⊕data, pan HSM ! Host : f pan g pdk (= PIN!) Graham Steel - HSM Attacks and Secure Configuration April 2014 - 26/ 56 IBM Recommendations Published in response to Bond’s attacks 1. Use asymmetric key crypto for key import – 2 officer protocol to generate key pair at destination, transfer public key to source – PKA Symmetric Key Import command 2. More access control – security officers access fewer commands 3. Procedural controls to check entered key parts 2 and 3 verified in a few seconds, but 1 has a simple attack.. Graham Steel - HSM Attacks and Secure Configuration April 2014 - 27/ 56 Attack on 1 (Cortier, Keighren & S. ’07) fkek.IMPgPK ! fkekgKM⊕IMP PKA Symmetric Key Import fk.EXPgPK ! fkgKM⊕EXP PKA Symmetric Key Import fpdkgkek⊕PIN , PIN , fkekgKM⊕IMP ! fpdkgKM⊕PIN Key Import fpdkgKM⊕PIN , PIN , fkgKM⊕EXP ! fpdkgk⊕PIN Key Export Graham Steel - HSM Attacks and Secure Configuration April 2014 - 28/ 56 Summary of First half I Secure hardware is more and more prevalent I The API of the hardware is a security critical part of design I Have seen attacks on VSM, CCA I In the next half we’ll look at specific attacks on PIN processing Graham Steel - HSM Attacks and Secure Configuration April 2014 - 29/ 56 Further reading R. Anderson, Security Engineering, Wiley (2nd Ed.) M. Bond and R. Anderson, API Level Attacks on Embedded Systems, IEEE Computer Magazine, 2001 D. Longley and S. Rigby, An Automatic Search for Security Flaws in Key Management Schemes, Computers and Security, 1992, V. Cortier, G. Keighren and G. Steel, Automatic Analysis of the Security of XOR-based Key Management Schemes, TACAS ’07 The Analysis of Security APIs Workshop, http://www.lsv.ens-cachan.fr/~steel/asa/ Graham Steel - HSM Attacks and Secure Configuration April 2014 - 30/ 56 Photo: redspotted/Flickr Graham Steel - HSM Attacks and Secure Configuration April 2014 - 31/ 56 Introduction to PIN Processing Processing of PINs in the international cash machine network is one of the oldest and most widespread uses of cryptographic hardware International standards (ISO 9564, ANSI X9.8) and de-facto standards (e.g. Visa’s requirements documents) regulate the network According to ANSI X9.8 secure hardware must be configured so that “The system shall not be capable of being used or misused to determine a PIN by exhaustive trial and error”. Graham Steel - HSM Attacks and Secure Configuration April 2014 - 32/ 56 Graham Steel - HSM Attacks and Secure Configuration April 2014 - 33/ 56 Verizon Breach Report 2008 Released April 2009 “While statistically not a large percentage of our overall caseload in 2008, attacks against PIN information represent individual data-theft cases having the largest aggregate exposure in terms of unique records,” “In other words, PIN-based attacks and many of the very large compromises from the past year go hand in hand.” “We’re seeing entirely new attacks that a year ago were thought to be only academically possible,” “What we see now is people going right to the source [..] and stealing the encrypted PIN blocks and using complex ways to un-encrypt the PIN blocks.” (Quotes from Wired Magazine interview with report author, Bryan Sartin) Graham Steel - HSM Attacks and Secure Configuration April 2014 - 34/ 56 Known Major Breaches 2008 Feb Citibank $3.6M 2008 Nov RBS worldpay $9.4M 2011 May FIS $13M 2012 December RAKBANK $11M 2013 February Bank of Muscat $45M Symatec report: ”tens of millions” lost to ATM heists in 2012 just in Europe: http://www.bloomberg.com/news/2013-05-07/ banks-say-fed-should-lead-in-cybersecurity -for-industry.html Graham Steel - HSM Attacks and Secure Configuration April 2014 - 35/ 56 Simplified Network Schematic ATM Maestro UK SocGen HSBC Graham Steel - HSM Attacks and Secure Configuration April 2014 - 36/ 56 PIN Processing API We can see that the PIN processing API of the HSM will have to (at least): I Translate PINs I Verify PINs I Generate PINs We’ll look at these APIs (and attacks on them).
Load more

Recommended publications
  • 2018-07-11 and for Information to the Iso Member Bodies and to the Tmb Members
    Sergio Mujica Secretary-General TO THE CHAIRS AND SECRETARIES OF ISO COMMITTEES 2018-07-11 AND FOR INFORMATION TO THE ISO MEMBER BODIES AND TO THE TMB MEMBERS ISO/IEC/ITU coordination – New work items Dear Sir or Madam, Please find attached the lists of IEC, ITU and ISO new work items issued in June 2018. If you wish more information about IEC technical committees and subcommittees, please access: http://www.iec.ch/. Click on the last option to the right: Advanced Search and then click on: Documents / Projects / Work Programme. In case of need, a copy of an actual IEC new work item may be obtained by contacting [email protected]. Please note for your information that in the annexed table from IEC the "document reference" 22F/188/NP means a new work item from IEC Committee 22, Subcommittee F. If you wish to look at the ISO new work items, please access: http://isotc.iso.org/pp/. On the ISO Project Portal you can find all information about the ISO projects, by committee, document number or project ID, or choose the option "Stages search" and select "Search" to obtain the annexed list of ISO new work items. Yours sincerely, Sergio Mujica Secretary-General Enclosures ISO New work items 1 of 8 2018-07-11 Alert Detailed alert Timeframe Reference Document title Developing committee VA Registration dCurrent stage Stage date Guidance for multiple organizations implementing a common Warning Warning – NP decision SDT 36 ISO/NP 50009 (ISO50001) EnMS ISO/TC 301 - - 10.60 2018-06-10 Warning Warning – NP decision SDT 36 ISO/NP 31050 Guidance for managing
    [Show full text]
  • Guidelines on Cryptographic Algorithms Usage and Key Management
    EPC342-08 Version 7.0 4 November 2017 [X] Public – [ ] Internal Use – [ ] Confidential – [ ] Strictest Confidence Distribution: Publicly available GUIDELINES ON CRYPTOGRAPHIC ALGORITHMS USAGE AND KEY MANAGEMENT Abstract This document defines guidelines on cryptographic algorithms usage and key management. Document Reference EPC342-08 Issue Version 7.0 Date of Issue 22 November 2017 Reason for Issue Maintenance of document Produced by EPC Authorised by EPC Document History This document was first produced by ECBS as TR 406, with its latest ECBS version published in September 2005. The document has been handed over to the EPC which is responsible for its yearly maintenance. DISCLAIMER: Whilst the European Payments Council (EPC) has used its best endeavours to make sure that all the information, data, documentation (including references) and other material in the present document are accurate and complete, it does not accept liability for any errors or omissions. EPC will not be liable for any claims or losses of any nature arising directly or indirectly from use of the information, data, documentation or other material in the present document. Conseil Européen des Paiements AISBL– Cours Saint-Michel 30A – B 1040 Brussels Tel: +32 2 733 35 33 – Fax: +32 2 736 49 88 Enterprise N° 0873.268.927 – www.epc-cep.eu – [email protected] © 2016 Copyright European Payments Council (EPC) AISBL: Reproduction for non-commercial purposes is authorised, with acknowledgement of the source Table of Content MANAGEMENT SUMMARY ............................................................. 5 1 INTRODUCTION .................................................................... 7 1.1 Scope of the document ...................................................... 7 1.2 Document structure .......................................................... 7 1.3 Recommendations ............................................................ 8 1.4 Implementation best practices .........................................
    [Show full text]
  • Introducing the IBM Z15 - the Enterprise Platform for Mission-Critical Hybrid Multicloud
    IBM United States Hardware Announcement 119-027, dated September 12, 2019 Introducing the IBM z15 - The enterprise platform for mission-critical hybrid multicloud Table of contents 2 Overview 26 Product number 3 Key requirements 57 Publications 3 Planned availability date 60 Technical information 4 Description 72 Terms and conditions 22 Product positioning 74 Prices 24 Statement of general direction 117Order now 118Corrections At a glance Announcing the IBM(R) z15 Today's announcement extends the IBM Z(R) position as the industry-leading platform for mission-critical hybrid cloud, with new innovations across security, data privacy, and resilience. Data privacy and security Pervasive encryption easily encrypts all data associated with an application, database, or cloud service -- whether on premises or in the cloud, at rest or in flight. The IBM z15 extends this beyond the border of the IBM Z environment. • The new IBM Z Data Privacy Passports, in conjunction with IBM z15 and available via an IBM z15 only PID, is being designed to enforce security and privacy protections to data not only on Z, but across platforms. It provides a data-centric security solution that enables data to play an active role in its own protection. For more information about IBM Z Data Privacy Passports V1.0 beta program, see Software Announcement 219-452, dated September 12, 2019. • IBM Z Data Privacy for Diagnostics provides clients with the capability to protect sensitive data that may be included in diagnostic dumps. Now sensitive data can be tagged such that it can be identified in dumps with no impact to dump capture times.
    [Show full text]
  • Year 2010 Issues on Cryptographic Algorithms
    Year 2010 Issues on Cryptographic Algorithms Masashi Une and Masayuki Kanda In the financial sector, cryptographic algorithms are used as fundamental techniques for assuring confidentiality and integrity of data used in financial transactions and for authenticating entities involved in the transactions. Currently, the most widely used algorithms appear to be two-key triple DES and RC4 for symmetric ciphers, RSA with a 1024-bit key for an asymmetric cipher and a digital signature, and SHA-1 for a hash function according to international standards and guidelines related to the financial transactions. However, according to academic papers and reports regarding the security evaluation for such algorithms, it is difficult to ensure enough security by using the algorithms for a long time period, such as 10 or 15 years, due to advances in cryptanalysis techniques, improvement of computing power, and so on. To enhance the transition to more secure ones, National Institute of Standards and Technology (NIST) of the United States describes in various guidelines that NIST will no longer approve two-key triple DES, RSA with a 1024-bit key, and SHA-1 as the algorithms suitable for IT systems of the U.S. Federal Government after 2010. It is an important issue how to advance the transition of the algorithms in the financial sector. This paper refers to issues regarding the transition as Year 2010 issues in cryptographic algorithms. To successfully complete the transition by 2010, the deadline set by NIST, it is necessary for financial institutions to begin discussing the issues at the earliest possible date. This paper summarizes security evaluation results of the current algorithms, and describes Year 2010 issues, their impact on the financial industry, and the transition plan announced by NIST.
    [Show full text]
  • Technical Standards Catalogue VERSION 6.2
    e-Government Technical Standards Catalogue VERSION 6.2 FINAL September 2005 Technical Standards Catalogue / version 6.2 final / September 2005 1 CONTENTS 1 INTRODUCTION ...........................................................................................................................3 2 CHANGES FROM PREVIOUS VERSION..................................................................................4 3 ISSUES UNDER CONSIDERATION............................................................................................5 4 INTERCONNECTION ...................................................................................................................7 TABLE 1 SPECIFICATIONS FOR INTERCONNECTIVITY.......................................................................7 TABLE 2 SPECIFICATIONS FOR WEB SERVICES ..............................................................................10 5 DATA INTEGRATION ................................................................................................................16 TABLE 3 SPECIFICATIONS FOR DATA INTEGRATION ...........................................................................16 6 CONTENT MANAGEMENT METADATA ...............................................................................19 TABLE 4 SPECIFICATIONS FOR CONTENT MANAGEMENT METADATA .................................................19 TABLE 5 SPECIFICATIONS FOR IDENTIFIERS .......................................................................................20 7 E-SERVICES ACCESS.................................................................................................................23
    [Show full text]
  • A Summary of Control System Security Standards Activities in the Energy Sector
    U.S. Department of Energy Office of Electricity Delivery and Energy Reliability A Summary of Control System Security Standards Activities in the Energy Sector Prepared for the U.S. Department of Energy Office of Electricity Delivery and Energy Reliability October 2005 NSTB National SCADA Test Bed Enhancing control systems security in the energy sector NSTB ABSTRACT This document is a compilation of the activities and initiatives concerning control system security that are influencing the standards process in the development of secure communication protocols and systems. Also contained in this report is a comparison of several of the sector standards, guidelines, and technical reports, demonstrating standards coverage by security topic. This work focuses on control systems standards applicable to the energy (oil, gas, and electric, but not nuclear) sector. A Summary of Control System Security Standards Activities in the Energy Sector i NSTB ii A Summary of Control System Security Standards Activities in the Energy Sector NSTB AUTHOR CONTACTS Rolf E. Carlson Sandia National Laboratories1 Phone: 505.844.9476 E-mail: [email protected] Jeffery E. Dagle Pacific Northwest National Laboratory2 Phone 509.375.3629 E-mail: [email protected] Shabbir A. Shamsuddin Argonne National Laboratory3 Phone 630.252.6273 E-mail: [email protected] Robert P. Evans Idaho National Laboratory4 Phone 208.526.0852 E-mail: [email protected] 1 Sandia is a multiprogram laboratory operated by Sandia Corporation, a Lockheed Martin Company, for the United States Department of Energy’s National Nuclear Security Administration under contract DE-AC04-94AL85000. 2 The Pacific Northwest National Laboratory is operated by Battelle for the U.S.
    [Show full text]
  • Analysis of Applicability of ISO 9564 PIN Based Authentication to Closed-Loop Mobile Payment Systems
    Analysis of Applicability of ISO 9564 PIN based Authentication to Closed-Loop Mobile Payment Systems Amal Saha* Tata Institute of Fundamental Research (TIFR), Mumbai, INDIA, Email: [email protected] Sugata Sanyal Tata Consultancy Services (TCS), Mumbai, INDIA Email: [email protected] *Corresponding Author ————————————Abstract———————————————— Payment transactions initiated through a mobile device are growing and security concerns must be ad- dressed. People coming from payment card industry often talk passionately about porting ISO 9564 PIN standard based authentication in open-loop card payment to closed-loop mobile financial transactions and certification of closed-loop payment product or solution against this standard. In reality, so far this standard has not been adopted in closed-loop mobile payment authentication and applicability of this ISO standard must be studied carefully before adoption. The authors do a critical analysis of the applicability of this ISO specification and makes categorical statement about relevance of compliance to closed-loop mobile payment. Security requirements for authentication in closed-loop mobile payment systems are not standardised through ISO 9564 standard, Common Criteria [3], etc. Since closed-loop mobile payment is a relatively new field, the authors make a case for Common Criteria Recognition Agreement (CCRA) or other standards organization to push for publication of a mobile device-agnostic Protection Profile or standard for it, incorporating the suggested authentication approaches. Keywords: ISO 9564 PIN Based Authentication, Card-Present and Card-Not-Present Transactions, Open-Loop and Closed-Loop Payments, Mobile Payment, Stored-Value-Account, Common Criteria Pro- tection Profile, Device Fingerprinting, m-PIN (mobile PIN), One Time Password (OTP), Android Applica- tion component called Service, backend service.
    [Show full text]
  • ISO Focus, July-August 2007.Pdf
    ISO Focus The Magazine of the International Organization for Standardization Volume 4, No. 7/8, July/August 2007, ISSN 1729-8709 Enabling e-business • Marc Carletti : “ The financial industry is a major user of ISO standards ” • ISO 14001 – the video clip ! Contents 1 Comment Robert Blair, Vice Convenor of the Payment Standards Evaluation Group (SEG) of ISO/TC 68 2 World Scene Highlights of events from around the world 3 ISO Scene Highlights of news and developments from ISO members 4 Guest View Marc Carletti, CEO Telekurs Financial Information Ltd ISO Focus is published 11 times a year (single issue : July-August). 7 Main Focus It is available in English. Annual subscription 158 Swiss Francs Individual copies 16 Swiss Francs Publisher ISO Central Secretariat (International Organization for Enabling -business Standardization) 1, ch. de la Voie-Creuse CH-1211 Genève 20 Switzerland Telephone + 41 22 749 01 11 Fax + 41 22 733 34 30 E-mail [email protected] • Working together for interoperability – Web www.iso.org The MoU on e-business standards • Standardization to combat money laundering and terrorism Manager : Roger Frost • SWIFT – Secure and reliable message exchange between Editor : Elizabeth Gasiorowski-Denis banks and other financial institutions Assistant Editor : Dale Campbell • ISO develops PIN standards to prick Artwork : Pascal Krieger and Pierre Granier purchasing fraud bubble • A foundation for e-engineering and e-commerce ISO Update : Dominique Chevaux • UN/CEFACT and ISO – cooperation for the common good Subscription enquiries : Sonia Rosas Friot ISO Central Secretariat • ebXML – Cutting costs and simplifying processes Telephone + 41 22 749 03 36 for business Fax + 41 22 749 09 47 • Regulation and standards development in payments E-mail [email protected] • Securing an e-business world • ISO standard offers iron-clad protection © ISO, 2007.
    [Show full text]
  • Canadian Data Governance Standardization Roadmap B
    Canadian Data Governance Standardization Roadmap b Canadian Data Governance Standardization Roadmap Table of contents Acknowledgements ................................................................................................................. 2 Message from the Co-Chairs of the Data Governance Standardization Collaborative .............................................................................................. 3 Message from the CEO, Standards Council of Canada .................................................. 4 Executive Summary ................................................................................................................ 5 How to Use this Report ............................................................................................................7 About Standards and Conformity Assessment ..................................................................................7 About the Collaborative ................................................................................................................................... 8 Reading the Roadmap ..................................................................................................................................... 8 Standardization and Data Governance in Canada ..........................................................10 State of Play ........................................................................................................................................................10 Tackling the Challenges and Identifying the Opportunities
    [Show full text]
  • Cen Workshop Agreement Cwa 16926-6
    CEN CWA 16926-6 WORKSHOP February 2020 AGREEMENT ICS 35.200; 35.240.15; 35.240.40 English version Extensions for Financial Services (XFS) interface specification Release 3.40 - Part 6: PIN Keypad Device Class Interface - Programmer's Reference This CEN Workshop Agreement has been drafted and approved by a Workshop of representatives of interested parties, the constitution of which is indicated in the foreword of this Workshop Agreement. The formal process followed by the Workshop in the development of this Workshop Agreement has been endorsed by the National Members of CEN but neither the National Members of CEN nor the CEN-CENELEC Management Centre can be held accountable for the technical content of this CEN Workshop Agreement or possible conflicts with standards or legislation. This CEN Workshop Agreement can in no way be held as being an official standard developed by CEN and its Members. This CEN Workshop Agreement is publicly available as a reference document from the CEN Members National Standard Bodies. CEN members are the national standards bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Republic of North Macedonia, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and United Kingdom. EUROPEAN COMMITTEE FOR STANDARDIZATION COMITÉ EUROPÉEN DE NORMALISATION EUROPÄISCHES KOMITEE FÜR NORMUNG CEN-CENELEC Management Centre: Rue de la Science 23, B-1040 Brussels © 2020 CEN All rights of exploitation in any form and by any means reserved worldwide for CEN national Members. Ref. No.:CWA 16926-6:2020 E 1 Table of Contents European Foreword .....................................................................................................
    [Show full text]
  • ISO Update Supplement to Isofocus
    ISO Update Supplement to ISOfocus January 2017 International Standards in process ISO/CD 7240-7 Fire detection and alarm systems — Part 7: Point-type smoke detectors using scattered An International Standard is the result of an agreement between light, transmitted light or ionization the member bodies of ISO. A first important step towards an Interna- TC 22 Road vehicles tional Standard takes the form of a committee draft (CD) - this is cir- ISO/CD Road vehicles — Automotive cables — Part 1: culated for study within an ISO technical committee. When consensus 19642-1 Terminology has been reached within the technical committee, the document is sent to the Central Secretariat for processing as a draft International ISO/CD Road vehicles — Automotive cables — Part 2: Standard (DIS). The DIS requires approval by at least 75 % of the 19642-2 Test methods member bodies casting a vote. A confirmation vote is subsequently ISO/CD Road vehicles — Automotive cables — Part 3: carried out on a final draft International Standard (FDIS), the approval 19642-3 Dimensions and requirements for 30 V a.c. or criteria remaining the same. 60 V d.c. single core copper conductor cables ISO/CD Road vehicles — Automotive cables — Part 19642-4 4: Dimensions and requirements for 30 V a.c. and 60 V d.c. single core aluminium conductor cables ISO/CD Road vehicles — Automotive cables — Part 5: 19642-5 Dimensions and requirements for 600 V a.c. or 900 V d.c., 1000 V a.c. or 1500 V d.c. single CD registered core copper conductor cables ISO/CD Road vehicles — Automotive cables — Part 6: 19642-6 Dimensions and requirements for 600 V a.c.
    [Show full text]
  • PCI) PIN Transaction Security (PTS) Point of Interaction (POI
    Payment Card Industry (PCI) PIN Transaction Security (PTS) Point of Interaction (POI) Modular Evaluation Vendor Questionnaire Version 4.1 June 2015 Document Changes Date Version Description April 2010 3.0 Initial public release September 2011 3.1 Clarifications and errata, updates for Non-PIN POIs February 2013 4.x RFC version June 2013 4.0 Public release June 2015 4.1 Updates for errata and new core section J PCI PTS POI Evaluation Vendor Questionnaire, v4.1 June 2015 © Copyright 2010-2015 PCI Security Standards Council, LLC. All Rights Reserved. Page ii Table of Contents Document Changes .................................................................................................................................... ii Related Publications .................................................................................................................................. iv Questionnaire Instructions ........................................................................................................................ 1 A – Core Physical Security Characteristics ............................................................................................. 2 B – Core Logical Security Characteristics ............................................................................................. 17 C – Online Security Characteristics ........................................................................................................ 43 D – Offline Security Characteristics .......................................................................................................
    [Show full text]