This part aims to define the security evaluation test of security chip for mobile payment. This part is mainly applicable to organizations engaged in design, manufacture, evaluation and test of security chip for mobile payment. Card issuer of security chip card may also refer to this part to further understand the security risk to security chip for mobile payment and assist risk control process.
The requirements relevant to security function test and anti-attack capacity test are defined in this part.
2 Terms and Definitions
For the purposes of this document, the following terms and definitions apply.
2.1
non volatile memory (NVM)
a kind of memory in which the data stored will not disappear after power off, which is generally used for program and data storage; currently those adopted on security chip mainly include electrically erasable memory and flash memory
2.2
non volatile programmable memory
programmable memory the data stored in which will not disappear after power off
2.3
read-only memory (ROM)
memory only capable of reading the data stored beforehand, the data once stored in which cannot be changed or deleted, which is generally used in electronic equipment or computer system with data non-frequently changed and not disappeared due to power off
2.4
random access memory (RAM)
memory the content in whose memory cell may randomly be read or stored, with the access speed irrelevant to the memory cell location, the contents stored in which will be lost after power off and which is mainly used for storage of data used within short time
2.5
invasive attack
attack directly to silicon crystal on the security chip, with the packaging material opened and security chip surface exposed, along with which the circuit may be directly touched physically, the data be eavesdropped or modified, and the hardware be physically modified
2.6
semi-invasive attack
attack requiring that SE is opened and security chip surface is exposed; the attacker will attempt to touch the circuit through contactless methods like manipulating the attack through flash light, eavesdropping data through measuring the electromagnetic field close to security chip surface, etc.
2.7
non-invasive attack
an attack, during which SE is not opened and the security chip is still embedded in packaging material, which attack makes use of all obtainable information surrounding the security chip that is executing task
2.8
threats
any compulsive behavior resulting in negative influence
2.9
attack
behavior of attacker for achieving the attack purpose, with the attack object of attacker selected in secret data or physical platform in all threats
2.10
personal identification number (PIN)
secret identification code preventing security chip from being misused, which is similar to password and only known to the owner of SE; only the security chip owner who knows the PIN can use the security chip
2.11
flip chip
a kind of structure without pin which generally contains circuit unit and is designed for passing through proper quantity of tin balls (covered by conductive adhesive) on its surface and connected to circuit electrically and mechanically
Foreword i Introduction iii 1 Scope 2 Terms and Definitions 3 Symbols and Abbreviations 4 Security Requirements Overview 5 Security Function Test 6 Anti-attack Capacity Test Annex A (Normative) Detailed Description for Anti-attack Security Requirements of Chips Annex B (Normative) Mapping between Test Items and Security Function Requirements or Anti-attack Capacity Requirements Annex C (Normative) Judgment Method of Test Results References
Standard
JR/T 0098.2-2012 China Financial Mobile Payment-Test Specifications-Part 2:Security Chip (English Version)
Standard No.
JR/T 0098.2-2012
Status
valid
Language
English
File Format
PDF
Word Count
12000 words
Price(USD)
300.0
Implemented on
2012-12-12
Delivery
via email in 1 business day
Detail of JR/T 0098.2-2012
Standard No.
JR/T 0098.2-2012
English Name
China Financial Mobile Payment-Test Specifications-Part 2:Security Chip
Chinese Name
中国金融移动支付 检测规范 第2部分:安全芯片
Chinese Classification
Professional Classification
JR
ICS Classification
Issued by
China People's Bank
Issued on
2012-12-12
Implemented on
2012-12-12
Status
valid
Superseded by
Superseded on
Abolished on
Superseding
Language
English
File Format
PDF
Word Count
12000 words
Price(USD)
300.0
Keywords
JR/T 0098.2-2012, JR 0098.2-2012, JRT 0098.2-2012, JR/T0098.2-2012, JR/T 0098.2, JR/T0098.2, JR0098.2-2012, JR 0098.2, JR0098.2, JRT0098.2-2012, JRT 0098.2, JRT0098.2
Introduction of JR/T 0098.2-2012
1 Scope
This part aims to define the security evaluation test of security chip for mobile payment. This part is mainly applicable to organizations engaged in design, manufacture, evaluation and test of security chip for mobile payment. Card issuer of security chip card may also refer to this part to further understand the security risk to security chip for mobile payment and assist risk control process.
The requirements relevant to security function test and anti-attack capacity test are defined in this part.
2 Terms and Definitions
For the purposes of this document, the following terms and definitions apply.
2.1
non volatile memory (NVM)
a kind of memory in which the data stored will not disappear after power off, which is generally used for program and data storage; currently those adopted on security chip mainly include electrically erasable memory and flash memory
2.2
non volatile programmable memory
programmable memory the data stored in which will not disappear after power off
2.3
read-only memory (ROM)
memory only capable of reading the data stored beforehand, the data once stored in which cannot be changed or deleted, which is generally used in electronic equipment or computer system with data non-frequently changed and not disappeared due to power off
2.4
random access memory (RAM)
memory the content in whose memory cell may randomly be read or stored, with the access speed irrelevant to the memory cell location, the contents stored in which will be lost after power off and which is mainly used for storage of data used within short time
2.5
invasive attack
attack directly to silicon crystal on the security chip, with the packaging material opened and security chip surface exposed, along with which the circuit may be directly touched physically, the data be eavesdropped or modified, and the hardware be physically modified
2.6
semi-invasive attack
attack requiring that SE is opened and security chip surface is exposed; the attacker will attempt to touch the circuit through contactless methods like manipulating the attack through flash light, eavesdropping data through measuring the electromagnetic field close to security chip surface, etc.
2.7
non-invasive attack
an attack, during which SE is not opened and the security chip is still embedded in packaging material, which attack makes use of all obtainable information surrounding the security chip that is executing task
2.8
threats
any compulsive behavior resulting in negative influence
2.9
attack
behavior of attacker for achieving the attack purpose, with the attack object of attacker selected in secret data or physical platform in all threats
2.10
personal identification number (PIN)
secret identification code preventing security chip from being misused, which is similar to password and only known to the owner of SE; only the security chip owner who knows the PIN can use the security chip
2.11
flip chip
a kind of structure without pin which generally contains circuit unit and is designed for passing through proper quantity of tin balls (covered by conductive adhesive) on its surface and connected to circuit electrically and mechanically
Contents of JR/T 0098.2-2012
Foreword i
Introduction iii
1 Scope
2 Terms and Definitions
3 Symbols and Abbreviations
4 Security Requirements Overview
5 Security Function Test
6 Anti-attack Capacity Test
Annex A (Normative) Detailed Description for Anti-attack Security Requirements of Chips
Annex B (Normative) Mapping between Test Items and Security Function Requirements or Anti-attack Capacity Requirements
Annex C (Normative) Judgment Method of Test Results
References
