Thursday, October 20, 2011

PCI Point-to-Point Encryption

PCI Point-to-Point Encryption: Solution Requirements –
https://www.pcisecuritystandards.org/documents/nb59Y8Qqv/P2PE_Hardware_Solution_%20Requirements_Initial_Release.pdf

Table of Contents
Document Changes ...................................................................................................................................................................................................... i
Preface .......................................................................................................................................................................................................................... 1
Definition of Secure Cryptographic Devices (SCDs) to be used for Point-to-Point Encryption................................................................................... 1
Definition of Account Data ........................................................................................................................................................................................... 2
Introduction: Solution Requirements for Point-to-Point Encryption...................................................................................................................... 3
Purpose of this Document ........................................................................................................................................................................................... 3
P2PE Roles and Responsibilities ................................................................................................................................................................................ 4
Table 1: At-a-Glance – Domains and Requirements for P2PE Validation – Solutions with SCD Encryption/Decryption and Key Management .. 8
Figure 1: At-a-Glance - Steps Required to Create and Validate a P2PE Solution ................................................................................................ 11
Table 2: At a Glance - Requirements and Processes for P2PE Solution Validation ............................................................................................ 12
Figure 2: At a Glance - Illustration of a typical P2PE Implementation and Associated Requirements .................................................................. 14
Domain 1: Encryption Device ................................................................................................................................................................................... 17
P2PE Requirements for Domain 1 ............................................................................................................................................................................ 17
Domain 2: Application Security................................................................................................................................................................................ 23
P2PE Requirements for Domain 2 ............................................................................................................................................................................ 24
Domain 3: Encryption Environment ......................................................................................................................................................................... 29
P2PE Requirements for Domain 3 ............................................................................................................................................................................ 30
Domain 4: Transmissions between Encryption and Decryption Environments ................................................................................................. 38
Domain 5: Decryption Environment ......................................................................................................................................................................... 39
P2PE Requirements for Domain 5 ............................................................................................................................................................................ 40
Domain 6: Cryptographic Key Operations .............................................................................................................................................................. 46
P2PE Requirements for Domain 6 ............................................................................................................................................................................ 48
Cryptographic Key Operations – Annex A: Symmetric Key Distribution using Asymmetric Techniques ....................................................... 67
Requirements for Remote Key Establishment and Distribution – Logical Security................................................................................................... 67
Requirements for Remote Key Establishment and Distribution – Physical Security................................................................................................. 75
Cryptographic Key Operations – Annex B: Key-Injection Facilities..................................................................................................................... 78
Requirements for Key-Injection Facilities .................................................................................................................................................................. 79
Appendix A: PCI DSS Validation for P2PE Merchants ........................................................................................................................................... 81
Appendix B: Glossary................................................................................................................................................................................................ 85
Appendix C: Minimum Key Sizes and Equivalent Key Strengths ........................................................................................................................

No comments:

Post a Comment