ISO/DIS 22383
DRAFT INTERNATIONAL STANDARD
ISO/DIS 22383

ISO/TC 292
Secretariat: SIS
Voting begins on: 2019-09-03
Voting terminates on: 2019-11-26
ICS: 03.100.01

Security and resilience — Authenticity, integrity and trust for products and documents — Guidelines and performance criteria for authentication solutions for material goods

Sécurité et résilience — Authenticité, intégrité et confiance pour les produits et les documents — Lignes directrices et critères de performance relatifs aux solutions d'authentification des biens matériels

THIS DOCUMENT IS A DRAFT CIRCULATED FOR COMMENT AND APPROVAL. IT IS THEREFORE SUBJECT TO CHANGE AND MAY NOT BE REFERRED TO AS AN INTERNATIONAL STANDARD UNTIL PUBLISHED AS SUCH.

IN ADDITION TO THEIR EVALUATION AS BEING ACCEPTABLE FOR INDUSTRIAL, TECHNOLOGICAL, COMMERCIAL AND USER PURPOSES, DRAFT INTERNATIONAL STANDARDS MAY ON OCCASION HAVE TO BE CONSIDERED IN THE LIGHT OF THEIR POTENTIAL TO BECOME STANDARDS TO WHICH REFERENCE MAY BE MADE IN NATIONAL REGULATIONS.

RECIPIENTS OF THIS DRAFT ARE INVITED TO SUBMIT, WITH THEIR COMMENTS, NOTIFICATION OF ANY RELEVANT PATENT RIGHTS OF WHICH THEY ARE AWARE AND TO PROVIDE SUPPORTING DOCUMENTATION.

This document is circulated as received from the committee secretariat.

Reference number ISO/DIS 22383:2019(E)
© ISO 2019

COPYRIGHT PROTECTED DOCUMENT

© ISO 2019
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below or ISO’s member body in the country of the requester.

ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Fax: +41 22 749 09 47
Email: [email protected]
Website: www.iso.org
Published in Switzerland

Contents

Foreword
Introduction
1 Scope
2 Normative reference
3 Terms and definitions
4 General principles
  4.1 Introduction
  4.2 Security-by-Design process for Authentication solutions
  4.3 Categorization of authentication solutions
    4.3.1 Provision of knowledge
    4.3.2 Inspection
    4.3.3 Categories of authentication elements
5 Performance criteria specification based on risk analysis
  5.1 Introduction
  5.2 Risk analysis elements
  5.3 Performance criteria categories
  5.4 Criteria for the selection of authentication elements
    5.4.1 Physical characteristics
    5.4.2 Attack resistance
    5.4.3 Integration process
  5.5 Attack resistance criteria for the selection of authentication tools
    5.5.1 General
    5.5.2 Obsolescence
    5.5.3 Assessing the vulnerability and resistance of authentication tools
  5.6 Criteria to select authentication elements and tools’ supply
  5.7 Criteria for the selection of authentication solutions
    5.7.1 Location / environment for the authentication process
    5.7.2 Authentication parameters
    5.7.3 Life cycle criteria
    5.7.4 Security policy
    5.7.5 Compliance with regulations, security practices and quality procedures
    5.7.6 Operation
6 Effectiveness assessment of the authentication solution
  6.1 General
    6.1.1 Authentication solution effectiveness assessment
  6.2 Effectiveness assessment in manufacturing of authentication elements
  6.3 Effectiveness of the delivery of the authentication elements
  6.4 Effectiveness of the application of the authentication elements
  6.5 Data management
  6.6 Effectiveness