BS ISO 23195-2021 pdf download – Security objectives of information systems of third-party payment services
EXAMPLE Business messages sent and received by a mobile phone are a type of TPP transmitting data;business messages via a session established between a personal computer and a TPP-BIS through a TPPgatekeeper is also a type of TPP transmitting data.
4.2.2.6Authentication data provided by ASPSP
An ASPSP can provide ASPSP credentials to a payment service user.An ASPSP credential can be used toauthenticate the payment service user.
EXAMPLE Passwords, tokens or private keys used by a payer for the purpose of authenticationtowards the ASPSP.
There are several scenarios for the validation of authentication data. lt is a secure way that the TPPSP
redirects a request to the ASPSP which has provided the ASPSP credentials.A TPPSP is probablydelegated to validate the authentication data on behalf of the ASPSP and with the agreement of the
payment service user.
4.2.3 TPPSP’s TSF data
4.2.3.1General
TPPSP’s TSF data are generated in order to achieve the security objectives for the TPP informationsystem.Abuse or breach of this kind of data may cause technological risks, namely the system behaviour
can be changed regardless of whether the commercial business risks occur.
NOTE The term “TSF data” is taken from 1SO/IEC 15408,According to the methodology outlined inISO/IEC 15408, all data can be divided into two types,namely “user data” and “TSF data “. See 3.3.10 and 3.3.11.
4.2.3.2 TPPSP’s TSF protected data
Unauthorized roles may observe but shall not handle TSF protected data.Handling operations includecreating, modifying and deleting data.
The disclosure of this type of data is not critical to the security of the TPP information system providedthat their integrity is guaranteed.
EXAMPLE 1 Administrators and/or operators of TPP-BIS and /or TPP-AlS are generally the eligibleauthorized roles.
EXAMPLE 2A hash value of a message is a typical TPPSP’s TSF protected datum.4.2.3.3 TPPSP’s TSF confidential data
Unauthorized roles shall not access and handle any confidential data.
NOTE Access to a TPPSP’s TSF confidential data by any unauthorized role can compromise the security ofthe TPP information system.
EXAMPLE Authentication data, audit records, and the private key of a digital certificate are all TPPSP’sTSFconfidential data.
5Security problem definition
5.1General
This clause describes common security problems that need to be addressed by TPP systems. The rTarchitecture underpinning TPP business comprises different components, some of which implementsecurity functions. Security functions are instantiated based on the valid implementation of SFRspresented in the ST of the TOE.The ST’ specifies the SFRs by reference to an existing PP.
Generally, the TOE contains part of the whole IT architecture that underpins the TPP business.Throughthe security functions, along with the security assurance requirements, the security objectives definedin this document can be achieved.
In order to facilitate the identification of the security problems for TPP, security functional componentsin developing PP, product ST or both, this clause is arranged according to the order and requirementsgiven in ISO/IEC 15408-1.For simplicity, two kinds of problems are differentiated as follows:
-common security problems with a single description for all the components;
– specific security problems with an individual description at component level.5.2Threats
5.2.1 Threats to business configuration data
5.2.1.1 Unauthorized disclosure
The business configuration data described in 4.2.2.2 might be subject to unauthorized disclosure dueto malicious attack or software flaws.
Unauthorized disclosure can occur while the data are stored or transmitted.5.2.1.2 Unauthorized changes
TPP business configuration data described in 4.2.2.2 might be subject to unauthorized changes due tomalicious attack or software flaw. Such changes include modification of the original data, deletion ofthe original data or addition of new data.
Unauthorized changes can occur while the data are stored or transmitted.5.2.2 Threats to business cumulative data
5.2.2.1Unauthorized disclosure
TPP cumulative business data described in 4.2.2.3 might be subject to unauthorized disclosure due tomalicious attack or software flaws.
EXAMPLE lf the TPP cumulative business data are not completely erased before being disposed of orreallocated, accessing the storage space used for storing these data might cause data leakage.