EN 1300:2013

2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.Wertbehältnisse - Klassifizierung von Hochsicherheitsschlössern nach ihrem Widerstandswert gegen unbefugtes ÖffnenUnités de stockage en lieux sûrs - Classification des serrures haute sécurité en fonction de leur résistance à l'éffractionSecure storage units - Classification for high security locks according to their resistance to unauthorized opening35.220.99Druge naprave za shranjevanje podatkovOther data storage devices13.310Varstvo pred kriminalomProtection against crimeICS:Ta slovenski standard je istoveten z:EN 1300:2013SIST EN 1300:2014en,fr,de01-julij-2014SIST EN 1300:2014SLOVENSKI
STANDARDSIST EN 1300:2004+A1:20111DGRPHãþD

EUROPEAN STANDARD NORME EUROPÉENNE EUROPÄISCHE NORM
EN 1300
November 2013 ICS 13.310 Supersedes EN 1300:2004+A1:2011English Version
Secure storage units - Classification for high security locks according to their resistance to unauthorized opening
Unités de stockage en lieux sûrs - Classification des serrures haute sécurité en fonction de leur résistance à l'effraction
Wertbehältnisse - Klassifizierung von Hochsicherheitsschlössern nach ihrem Widerstandswert gegen unbefugtes Öffnen This European Standard was approved by CEN on 14 May 2013.
CEN members are bound to comply with the CEN/CENELEC Internal Regulations which stipulate the conditions for giving this European Standard the status of a national standard without any alteration. Up-to-date lists and bibliographical references concerning such national standards may be obtained on application to the CEN-CENELEC Management Centre or to any CEN member.
This European Standard exists in three official versions (English, French, German). A version in any other language made by translation under the responsibility of a CEN member into its own language and notified to the CEN-CENELEC Management Centre has the same status as the official versions.
CEN members are the national standards bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and United Kingdom.
EUROPEAN COMMITTEE FOR STANDARDIZATION
COMITÉ EUROPÉEN DE NORMALISATION EUROPÄISCHES KOMITEE FÜR NORMUNG
CEN-CENELEC Management Centre:
Avenue Marnix 17,
B-1000 Brussels © 2013 CEN All rights of exploitation in any form and by any means reserved worldwide for CEN national Members. Ref. No. EN 1300:2013 ESIST EN 1300:2014

Parameters for installation and operating instructions . 33 Annex B (normative)
Determination of manipulation resistance due to the design requirement . 35 Annex C (normative)
Manufacturer’s Declaration (applies only to key operated locks) . 42 Annex D (informative)
Lock dimensions . 43 Annex E (informative)
A-deviations . 44 Bibliography . 46 SIST EN 1300:2014

 addition of definitions (Clause 3) and requirements (subclause 5.1.7) for cryptography in distributed security systems;
 updating references to newer versions;  changing of the requirements for the input unit (subclause 5.1.5.4);  updating the test specimen of keys to a middle key cut design (subclause 7.3);  clarification and optimization of the immersion test (subclause 8.2.6.3);  correction of the heat resistance test (subclause 8.2.7.2);  editorial clarifications among others in subclauses 5.1.5.1, 5.2.7, 5.3.3, 7.1, 8.2.2.1, 8.2.4.3.2, 8.2.6.2 and 8.3.3.3.2;
 addition of parameters for operating instructions in Annex A. This document reflects the market demand to include requirements for distributed systems and electronic tokens and responds to the state of the art requirements when it was written down.
This European Standard has been prepared by Working Group 3 of CEN/TC 263 as one of a series of standards for secure storage of cash valuables and data media. Other standards in the series are, among others:  EN 1047-1, Secure storage units — Classification and methods of test for resistance to fire — Part 1: Data cabinets and diskette inserts  EN 1047-2, Secure storage units — Classification and methods of test for resistance to fire — Part 2: Data rooms and data container  EN 1143-1, Secure storage units — Requirements, classification and methods of test for resistance to burglary — Part 1: Safes, ATM safes, strongroom doors and strongrooms SIST EN 1300:2014

Codes can be entered into an HSL for comparison with memorized codes (processing unit). A correct match of an opening code allows movement of a blocking feature. 3.2 code identification information required which can be entered into a HSL and which, if correct, enables the security status of the HSL to be changed 3.2.1 opening code identification information which allows the HSL to be opened 3.2.2 recognized code identification information which allows access to the processing unit and which may also be an opening code 3.2.3 duress code parallel code which initiates some additional function 3.2.4 parallel code opening code which has identical function to that of an existing opening code but constructed of different figures 3.3 coding means method by which the code is held 3.3.1 material code code defined by the physical features or other properties of a token SIST EN 1300:2014

An electronic token incorporates an integrated circuit containing volatile and non-volatile memory, associated software and in many cases a microcontroller which communicates with an input unit by contact or contactless means. 3.8 mechanical HSL HSL which is secured by means of mechanical elements only 3.9 electronic HSL HSL which is secured partly or fully by electrical or electronic elements 3.10 blocking feature part of a HSL which, after inputting the correct opening code moves, or can be moved Note 1 to entry:
A blocking feature either secures a door or prevents movement of a boltwork. The bolt of a mechanical lock is an example of a blocking feature. 3.11 destructive burglary attack which damages the HSL in such a manner that it is irreversible and cannot be hidden from the authorized user 3.12 reliability ability to function and achieve the security requirements of this standard after a large number of duty cycles SIST EN 1300:2014

A HSL may function after manipulation although its security could be permanently degraded. 3.14 spying attempt to obtain unauthorized information 3.15 usable codes codes or tokens permitted by the manufacturer and conforming to the requirements of this standard
Note 1 to entry:
For mechanical HSL the number of usable codes is much less than the total number of codes to which the HSL can be set. 3.16 scrambled condition coding elements are not in the configuration necessary for the HSL to be opened without entering the complete correct code or proper token 3.17 locking sequence series of actions which start with an open door and are complete when the door is closed, bolted, locked and secure 3.18 open door door is not in its frame 3.19 closed door door is within its frame ready for throwing its bolt(s) 3.20 bolted door bolts are thrown 3.21 locked door boltwork cannot be withdrawn because of the HSL 3.22 secured door door is closed, bolted and locked with an HSL in the secured HSL condition 3.23 secured HSL condition blocking feature is thrown and can only be withdrawn after entering the opening code(s) 3.24 normal condition after testing, the HSL specimen is in the secured HSL condition, and all design functions are operating 3.25 operating condition after testing, the HSL specimen is in the secured HSL condition and can be unlocked with the opening code(s), but not all design functions are operable SIST EN 1300:2014

It shows a calculated result from using a tool with a certain value over a period of time.
3.28 penalty time time delay because of time exceeding the limit of trials 3.29 authentication method to prevent fraud by ensuring that communication with components of a distributed system can only be established after the identity of the components have been properly confirmed 3.30 cryptographic algorithm mathematical method for the transformation of data that includes the definition of parameters (e.g. key length and number of iterations or rounds) 3.30.1 asymmetric cryptographic algorithm
cryptographic algorithm that uses two related keys, a public key and a private key, which have the property that deriving the private key from the public key is computationally infeasible 3.30.2 symmetric cryptographic algorithm cryptographic algorithm that uses a single secret key for both encryption and decryption 3.31 cryptographic key parameter used in conjunction with a cryptographic algorithm which is used to control a cryptographic process such as encryption, decryption or authentication
Note 1 to entry: Knowledge of an appropriate key allows correct en- and/or decryption or validation of a message. 3.32 cryptographic module set of hardware and software that implements security functions for distributed systems and electronic tokens including cryptographic algorithms 3.33 distributed system system with components connected by a transmission system, wired or wireless Note 1 to entry:
It is assumed that the transmitted information can be accessed by a third party. A high security lock with components in separate locations is defined as distributed system. A lock system with two input units, one on the safe and the other remote (= distributed input unit) is an example of a distributed system). An electronic lock with a non-accessible transmission system in the sense of 5.1.5.3 of this standard or with a temporary on-site wired connection to a mobile device (e.g. Personal Computer) supervised by an authorized person is not considered as a distributed system. SIST EN 1300:2014

Dedicated lines, wired and wireless public switched networks may be used as the transmission path. 3.36 security relevant information codes according to 3.2, authentications, any code or key transmissions and changes as well as firmware updates of processing units 3.37 automatic key exchange cryptographic protocol that allows two components that could have no prior knowledge of each other to jointly establish a shared secret key over an insecure communications channel 3.38 availability proportion of time a system is in functioning condition 4 Classification HSL are classified to an HSL class (A, B, C or D) according to Table 1, Table 2 and Table 3 by their security requirements. General requirements (see 5.1 and 5.2, 5.3) security and reliability requirements shall be met. NOTE HSL class A has the lowest requirements and HSL class D has the highest requirements. 5 Requirements 5.1 General requirements All requirements shall be tested according to 8.1.2. 5.1.1 Requirements for all classes 5.1.1.1 HSL shall only be opened by valid opening codes. The opening code(s) shall be retained as the only valid opening code(s) until deliberately reset. Overlaying or undocumented code(s) are not permitted. 5.1.1.2 Where mnemonic codes are used with a HSL these shall be able to be changed. 5.1.1.3 Any supplementary device (e.g. micro switch) which is fitted by the HSL manufacturer shall not be capable of being used to obtain information about the code. 5.1.1.4 An input unit is a necessary part of a HSL although one input unit may operate more than one HSL (processing unit). Each HSL shall have a processing unit to validate the correct code from the input unit. SIST EN 1300:2014

NOTE Optical systems are considered to be distributed systems. An example for a contactless electronic token is RFID card. 5.1.6.2.2 Mutual authentication Mutual authentication according to ISO/IEC 9798-2 or ISO/IEC 9798-4 shall be used. The time variant parameter such as time stamp, sequence numbers or random numbers to prevent valid authentication information from being accepted at a later time or more than once (see ISO/IEC 9798-1:2010, Annex B) shall have at least 32 bits. In addition to mutual authentication a valid opening code has to be used to open the HSL. 5.1.6.2.3 Cryptographic key The cryptographic key for symmetric algorithms shall have a minimum length of 64 bits for classes A and B and 128 bits for classes C and D and shall be intended only for the specific HSL model. Asymmetric algorithms shall have comparable key lengths with regard to the security level (NIST SP 800-57). The cryptographic key for symmetric algorithms or the private key for asymmetric algorithms shall never be sent out of the token. It may be part of the transmitted communication data into the electronic token for initialising purposes. The initialization process has to be done by an authorized person in a secure environment. This has to be stated in the user instructions. SIST EN 1300:2014

Security relevant information should be stored secure in the token and there should be a secure authentication. 5.1.6.4 Multi-use (only valid for class B, C and D) If the electronic token is designed to be used in applications other than the HSL system, the security relevant information shall not be accessible to the other applications. If the electronic token is not protected against multi-use, the following statement shall be included in the manual: Never use this electronic token in applications other than this HSL model. 5.1.7 Requirements for cryptography in distributed security systems 5.1.7.1 Information security 5.1.7.1.1 General This subclause focuses on confidentiality, authentication, integrity, availability, data transmission, information storage, cryptographic keys and their management. 5.1.7.1.2 Confidentiality
Security relevant information that is transmitted across a distributed system shall be encrypted to prevent unauthorized reading. For security relevant data transmission processes in distributed systems, symmetric algorithms such as TDEA 64 bit block and AES 128 bit block are the minimum requirements according to NIST SP 800-67 and FIPS 197 respectively. The encryption algorithm shall be used in a secure mode of operation such as CBC, CFB or GCM.
5.1.7.1.3 Authentication Authentication is required to start communication between devices of a distributed system. The authentication method has to be described by the manufacturer. 5.1.7.1.4 Integrity It shall be ensured that data has not been altered in an unauthorized manner since it was created, transmitted or stored. This includes the insertion, deletion and substitution of data. Accepted methods for ensuring integrity are MAC algorithms or digital signatures. 5.1.7.1.5 Availability If a distributed system is temporary not available this condition shall not compromise the level of security. SIST EN 1300:2014

5.1.7.1.8 Cryptographic keys for data transmission Distributed systems shall be equipped with cryptographic keys generated at random except for preset factory cryptographic key(s) for classes B, C and D. FIPS Pub 140-2 4.7.1 (random number generators) security requirements shall be considered for the generation of random numbers. The cryptographic keys have to be field changeable from HSL class B on. They may be field changeable in HSL class A as well. If a new key is confirmed, the new key shall be the only usable one. 5.1.7.1.9 Cryptographic key modification 5.1.7.1.9.1 General The preset factory cryptographic key(s) shall be modified before putting the distributed system into operation. If cryptographic keys are not field changeable (HSL class A only), measures shall be implemented to prevent those persons intimately involved in the production of locks to identify the customer location to which they are dispatched. This has to be ensured by means of a manufacturer’s declaration. Non-changeable keys shall only be applicable for systems with class A locks. 5.1.7.1.9.2 Key exchange Key exchanges shall use asymmetric methods (based on algorithms such as RSA, ECC) or symmetric methods (such as Kerberos 5). The mechanisms for key exchange shall provide at least the equivalent security strength as the methods of data transmission. To get an overview of appropriate key sizes and the equivalence between symmetric and asymmetric key lengths, refer to NIST SP 800-57. When the key exchange is triggered automatically or manually the frequency of the key exchange has to follow NIST SP 800-57.
5.1.7.1.9.3 Key change The manufacturer has to provide a user instruction explaining the procedure and frequency for key changes. Changes shall be done only after input of an authorization code. If the key change is done out of band (outside of previously established communications method), subclause 5.1.7.1.7 has to be followed. 5.1.7.2 Security of distributed input unit 5.1.7.2.1 General This requirement shall be met only if security related data are transmitted. 5.1.7.2.2 Physical security In a distributed system any input unit has to follow 5.1.5.4, including class A locks.
Minimum Minimum
Resistance Resistance
units RU units RU
Material
Mnemonic Any
Mnemonic
Coding Coding b
A
Electronic None 25 000 80 000 300 30 80
Mechanical Not 25 000 80 000 Not 30 80
applicable
applicable
B
Electronic 10 (as of 3 users) 100 000 100 000 100 60 135
Mechanical Not
applicable 100 000 100 000 Not applicable 60 135 C
Electronic 50 1 000 000 1 000 000 30 100 250
Mechanical Not 1 000 000 1 000 000 Not applicable 100 250
applicable
D
Electronic 500 3 000 000 3 000 000
10 620 500
Mechanical Not 3 000 000 3 000 000
10 a 620 500
applicable
a
Excluding key operated locks. b
The minimum number of figures required, for electronic locks only, is six (6).
Resistance against radiated radio-frequency electromagnetic fields (Test method EN 61000-4-3)
HSL class Lock conditions a Test
A to B O b FS b conditions C to D n.a.
O b
Test level 3 c 4 c
Resistance against conducted disturbances, induced by radio-frequency fields (Test method EN 61000-4-6)
HSL class Lock conditions a Test
A to B FS b conditions C to D O b
Test level 3
Resistance to electrostatic discharge, fast transient bursts and high energy voltage surge
HSL class Lock conditions a
A to D O FS
EN 61000-4-2 4
Test level EN 61000-4-4
EN 61000-4-5
4 a N = Normal operation O = Operable FS = Fail secure b Denotes the condition in which the HSL should be after the test in the worst case. c Frequency range 80 MHz to 2 GHz.
5.3 Reliability requirements 5.3.1 After being subjected to 10 000 cycles according to 8.3.1, the HSL shall be in its normal condition. 5.3.2 Code input by rotating a dial shall not deviate from the setting by more than 1 % of the total setting range after testing for dynamic code input to 8.3.3. 5.3.3 Code changeable mechanical HSL shall be in the normal condition after 100 code changes have been made, according to 8.3.2. 6 Technical documentation The following technical documentation shall accompany the test specimen: 6.1 Detailed construction drawings, with dimensions and tolerances. 6.2 The calculation of usable codes and all relevant parameters for that calculation. 6.3 Characteristics of detaining features including:  dimension of the bolt head or other blocking component;  blocking feature movement during locking of the bolt head or blocking element. 6.4 All dimensional values necessary for linking or connecting the HSL to external devices (e.g. code input device, means by which blocking feature is moved) including:  size of code entry hole (e.g. keyhole);  sizes of spindles, dials and dial rings;  size(s) of cable connections. 6.5 Detailed description of the means for setting and changing codes and any precautions to be observed. 6.6 Parameters for installation. 6.7 Operating instructions. SIST EN 1300:2014

1 000 cycling operations (see 8.3.1.) before the manipulation test. These specimens shall not be subject to any other test prior to the manipulation test. Testing against cryptographic requirements is based on examination of manufacturer’s description of the system which has to contain a list of the referenced standards. 8.1.2 Evaluation by inspection All requirements according to 5.1 have to be evaluated by inspection. 8.1.3 Test procedure Simulate the use in a Secure Storage Unit by mounting the test specimens, according to the manufacturer’s instructions, on a steel mounting plate and cover, both of which are free of holes other than those required for mounting in accordance with the technical documentation (see Clause 6) and Figure 1, for the following tests: manipulation resistance (see 8.2.2), destructive burglary resistance (see 8.2.3), spying resistance (see 8.2.4), electrical and electromagnetic resistance (see 8.2.5). Where the dynamic code input is carried out by cycling equipment it shall not be necessary to use a simulated (dummy) Secure Storage Unit. Allow access to the specimen in accordance with the technical documentation in Clause 6. When the test specimen is an electronic HSL the cover shall be made of steel and joined to the steel mounting plate by screws spaced at less than 50 mm around all four sides of the steel plate. Carry out the manipulation resistance test (see 8.2.2), destructive burglary resistance test (see 8.2.3) and spying resistance test (see 8.2.4) against only those parts of the test specimen accessible when it is mounted on the steel plate and without forcibly penetrating the steel plate or the cover. The burglary test shall exclude any attack against the lock case or its cap (cover), from inside the lock, which causes any part of the case or cap to be damaged, and/or partly removed or completely removed. When the secured condition of the test specimen has to be monitored it shall be carried out to an accuracy of 5 ms. SIST EN 1300:2014
...