BS ISO 9564-2:2014 BSl Standards Publication Financial services Personal Identification Number (PIN) management and security Part 2: Approved algorithms for PIN encipherment bsi. ..making excellence a habit: BRITISH STANDARD BS ISO 9564-2:2014 National foreword This British Standard is the UK implementation of IS0 9564-2:2014. It supersedes BS ISO 9564-2:2005 which is withdrawn. The UK participation in its preparation was entrusted to Technical Committee IST/12,Financial services. A list of organizations represented on this committee can be obtained on request to its secretary. This publication does not purport to include all the necessary provisions of a contract. Users are responsible for its correct application. @ The British Standards Institution 2014.Published by BSI Standards Limited 2014 ISBN9780580793875 ICS 35.240.40 Compliancewitha BritishStandard cannot confer immunity from legal obligations. This British Standard was published under the authority of the Standards Policy and Strategy Committee on 31August 2014. Amendments issued since publication Date Text affected BS ISO 9564-2:2014 ISO INTERNATIONAL STANDARD 9564-2 Third edition 2014-08-01 Financial services Personal Identification Number (PIN) management and security Part 2: Approved algorithms for PIN encipherment Services financiers-Gestion et sécurité dunumero personnel d'identification (PIN) Partie 2: Algorithmesapprouvés pour le chiffrement du PIN Reference number IS0 9564-2:2014(E) O @ ISO 2014 BSISO 9564-2:2014 IS0 9564-2:2014(E) COPYRIGHTPROTECTEDDOCUMENT @ISO 2014 All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below or ISo's member body in the country of the requester. ISO copyright office Case postale 56.CH-1211 Geneva 20 Tel. + 41 22 749 01 11 Fax + 41 22 749 09 47 E-mail [email protected] Web www.iso.org Published in Switzerland ii ISO 2014-Allrights reserved BS ISO9564-2:2014 IS0 9564-2:2014(E) Contents Page Foreword iv Introduction V 1 Scope 1 2 Normativereferences .1 3 Triple Data Encryption Algorithm (TDEA) 1 3.1 Definition oftheTDEAalgorithm 1 3.2 Use of the TDEA algorithm. 1 4 RSA encryption algorithm 1 4.1 Definition of theRSAalgorithm 12 4.2 Use of the RSA algorithm 5 AES encryption algorithm 2 5.1 Definition of theAES algorithm 22 5.2 Use of theAESalgorithm @ IS0 2014 - All rights reserved iii BS ISO 9564-2:2014 IS0 9564-2:2014(E) Foreword Iso (the International Organization for Standardization) is a worldwide federation of national standards bodies (Iso member bodies). The work of preparing International Standards is normally carried out through Iso technical committees. Each member body interested in a subject for which a technical committee has been established has the right to be represented on that committee. International organizations,governmental andnon-governmental, inliaison with Iso, also takepart inthe work ISo collaborates closely with the International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization. The procedures used to develop this document and those intended for its further maintenance are described in theISo/IEC Directives, Part 1. In particular the different approval criteria needed for the different types of Iso documents should be noted. This document was drafted in accordance with the editorial rules of the ISo/IEC Directives, Part 2 (see www.iso.org/directives). Attention is drawn to thepossibilitythat some ofthe elements of this documentmaybethe subject of patent rights. IsO shall not be held responsible for identifying any or all such patent rights. Details of any patent rights identified during the development of thedocumentwill be inthe Introductionand/or ontheIsolistofpatentdeclarationsreceived