ISO/TS 12812-2:2017 核心银行 移动金融服务 第2部分：移动金融服务的安全性和数据保护

标准编号：ISO/TS 12812-2:2017

中文名称：核心银行 移动金融服务 第2部分：移动金融服务的安全性和数据保护

英文名称：Core banking — Mobile financial services — Part 2: Security and data protection for mobile financial services

发布日期：2017-03

标准范围

ISO 12812-2:20 17描述并指定了管理MFS安全性的框架。它包括-用于设计安全策略的通用模型，-一组最小安全要求，-用于移动设备身份验证、金融信息安全交换和外部身份验证的推荐加密协议和机制，包括以下内容:MFS需要考虑的点对点方面；要考虑的端到端方面；安全认证方面；生成移动数字签名；-MFS安全认证的互操作性问题，-保护敏感数据的建议，-执行国家法律和条例（例如反洗钱和打击资助恐怖主义行为）的准则，以及-安全管理考虑。为了避免重复其他组织已经进行的标准化工作，本文件将根据需要参考其他国际标准。在这方面，本文件的用户被引导至由ISO/TC 68/SC 2和ISO/IEC JTC 1/SC 27开发和发布的材料。

ISO 12812-2:2017 describes and specifies a framework for the management of the security of MFS. It includes- a generic model for the design of the security policy,- a minimum set of security requirements,- recommended cryptographic protocols and mechanisms for mobile device authentication, financial message secure exchange and external authentication, including the following:

1. point-to-point aspects to consider for MFS;
2. end-to-end aspects to consider;
3. security certification aspects;
4. generation of mobile digital signatures;

- interoperability issues for the secure certification of MFS,- recommendations for the protection of sensitive data,- guidelines for the implementation of national laws and regulations (e.g. anti-money laundering and combating the funding of terrorism (AML/CFT), and- security management considerations.In order to avoid the duplication of standardization work already performed by other organizations, this document will reference other International Standards as required. In this respect, users of this document are directed to materials developed and published by ISO/TC 68/SC 2 and ISO/IEC JTC 1/SC 27.

标准预览图