Secure storage units - Classification for high security locks according to their resistance to unauthorized opening

This European Standard specifies requirements for high security locks (HSL) for reliability, resistance to burglary and unauthorized opening with methods of testing. It also provides a scheme for classifying HSL in accordance with their assessed resistance to burglary and unauthorized opening. It applies to mechanical and electronic HSL. The following features may be included as optional subjects but they are not mandatory: a) recognized code for preventing code altering and/or enabling/disabling parallel codes; b) recognized code for disabling time set up; c) integration of alarm components or functions; d) remote control duties; e) resistance to attacks with acids; f) resistance to X-rays; g) resistance to explosives; h) time functions.

Secure storage units - Classification of high security locks according to their resistance value against unauthorized opening (German title: Wertbehältnisse - Klassifizierung von Hochsicherheitsschlössern nach ihrem Widerstandswert gegen unbefugtes Öffnen)

This European Standard specifies the requirements for high security locks (HSL) with regard to their reliability, their resistance value against destructive attacks and against unauthorized opening, as well as the test methods. It also provides a scheme for classifying high security locks on the basis of an assessment of their resistance value against destructive attacks and against unauthorized opening.
It applies to mechanical and electronic HSL. The locks may include the following features as options, but these are not mandatory:
a)   authorization code for preventing a code change and/or the enabling/disabling of a parallel code;
b)   authorization code for enabling a time lock function;
c)   installation of components or functions of an alarm system;
d)   functions for remote control and remote monitoring;
e)   resistance to attacks with acids;
f)   resistance to attacks with X-rays;
g)   resistance to attacks with explosives;
h)   time functions.

Secure storage units - Classification of high security locks according to their resistance to burglary (French title: Unités de stockage en lieux sûrs - Classification des serrures haute sécurité en fonction de leur résistance à l'effraction)

This European Standard specifies requirements for high security locks (HSL) regarding their reliability, their resistance to burglary and unauthorized opening, together with test methods. It also provides a system for classifying HSL according to their assessed resistance to burglary and to unauthorized opening.
It applies to mechanical and electronic HSL. The following features may be included as options but are not mandatory:
a)   a recognized code preventing code changes and/or the enabling/disabling of parallel codes;
b)   a recognized code for cancelling time settings;
c)   integration of alarm components or functions;
d)   a remote control function;
e)   resistance to opening with acids;
f)   resistance to X-rays;
g)   resistance to explosives;
h)   time functions.

Secure storage units - Classification of high security locks according to resistance to unauthorized opening (Slovenian title: Varnostne shranjevalne enote - Klasifikacija visoko varnostnih ključavnic po odpornosti proti nepooblaščenemu odpiranju)

This European Standard specifies requirements for high security locks regarding reliability, burglary resistance and resistance to unauthorized opening, together with test methods. It also provides a scheme for classifying high security locks according to their assessed burglary resistance and resistance to unauthorized opening. It applies to mechanical and electronic high security locks. The following optional features may be included: a) recognized code which prevents code altering and/or the enabling/disabling of parallel codes; b) recognized code for disabling time setting; c) integration of alarm system components and functions; d) remote control; e) resistance to attacks with acids; f) resistance to X-rays; g) resistance to explosives; h) time functions.

General Information

Status: Withdrawn
Public Enquiry End Date: 19-Feb-2012
Publication Date: 08-Jun-2014
Withdrawal Date: 03-Feb-2019
Current Stage: 9900 - Withdrawal (Adopted Project)
Start Date: 01-Feb-2019
Due Date: 24-Feb-2019
Completion Date: 04-Feb-2019

Buy Standard

Standard
EN 1300:2014
English language
46 pages

Standards Content (Sample)

SLOVENIAN STANDARD
SIST EN 1300:2014
01-July-2014
Replaces: SIST EN 1300:2004+A1:2011

Secure storage units - Classification for high security locks according to their resistance to unauthorized opening
Wertbehältnisse - Klassifizierung von Hochsicherheitsschlössern nach ihrem Widerstandswert gegen unbefugtes Öffnen
Unités de stockage en lieux sûrs - Classification des serrures haute sécurité en fonction de leur résistance à l'effraction

This Slovenian standard is identical to: EN 1300:2013
ICS:
13.310 Protection against crime
35.220.99 Other data storage devices
en,fr,de

2003-01. Slovenian Institute for Standardization. Reproduction of this standard in whole or in part is not permitted.






EUROPEAN STANDARD
NORME EUROPÉENNE
EUROPÄISCHE NORM
EN 1300
November 2013
ICS 13.310
Supersedes EN 1300:2004+A1:2011
English Version
Secure storage units - Classification for high security locks according to their resistance to unauthorized opening
Unités de stockage en lieux sûrs - Classification des serrures haute sécurité en fonction de leur résistance à l'effraction
Wertbehältnisse - Klassifizierung von Hochsicherheitsschlössern nach ihrem Widerstandswert gegen unbefugtes Öffnen
This European Standard was approved by CEN on 14 May 2013.
CEN members are bound to comply with the CEN/CENELEC Internal Regulations which stipulate the conditions for giving this European Standard the status of a national standard without any alteration. Up-to-date lists and bibliographical references concerning such national standards may be obtained on application to the CEN-CENELEC Management Centre or to any CEN member.
This European Standard exists in three official versions (English, French, German). A version in any other language made by translation under the responsibility of a CEN member into its own language and notified to the CEN-CENELEC Management Centre has the same status as the official versions.
CEN members are the national standards bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and United Kingdom.
EUROPEAN COMMITTEE FOR STANDARDIZATION
COMITÉ EUROPÉEN DE NORMALISATION
EUROPÄISCHES KOMITEE FÜR NORMUNG
CEN-CENELEC Management Centre: Avenue Marnix 17, B-1000 Brussels
© 2013 CEN All rights of exploitation in any form and by any means reserved worldwide for CEN national Members.
Ref. No. EN 1300:2013 E



EN 1300:2013 (E)

Contents
Foreword
1 Scope
2 Normative references
3 Terms and definitions
4 Classification
5 Requirements
6 Technical documentation
7 Test specimens
8 Test methods
9 Test report
10 Marking
Annex A (normative) Parameters for installation and operating instructions
Annex B (normative) Determination of manipulation resistance due to the design requirement
Annex C (normative) Manufacturer’s Declaration (applies only to key operated locks)
Annex D (informative) Lock dimensions
Annex E (informative) A-deviations
Bibliography



Foreword

This document (EN 1300:2013) has been prepared by Technical Committee CEN/TC 263 “Secure storage of cash, valuables and data media”, the secretariat of which is held by BSI.
This European Standard shall be given the status of a national standard, either by publication of an identical text or by endorsement, at the latest by May 2014, and conflicting national standards shall be withdrawn at the latest by May 2014.
Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. CEN [and/or CENELEC] shall not be held responsible for identifying any or all such patent rights.
This document supersedes EN 1300:2004+A1:2011.
In comparison with EN 1300:2004+A1:2011, the following changes have been made:
- addition of definitions (Clause 3) and requirements (subclause 5.1.6) for contactless electronic tokens;
- addition of definitions (Clause 3) and requirements (subclause 5.1.7) for cryptography in distributed security systems;
- updating references to newer versions;
- changing of the requirements for the input unit (subclause 5.1.5.4);
- updating the test specimen of keys to a middle key cut design (subclause 7.3);
- clarification and optimization of the immersion test (subclause 8.2.6.3);
- correction of the heat resistance test (subclause 8.2.7.2);
- editorial clarifications among others in subclauses 5.1.5.1, 5.2.7, 5.3.3, 7.1, 8.2.2.1, 8.2.4.3.2, 8.2.6.2 and 8.3.3.3.2;
- addition of parameters for operating instructions in Annex A.
This document reflects the market demand to include requirements for distributed systems and electronic tokens and responds to the state of the art requirements when it was written down.
This European Standard has been prepared by Working Group 3 of CEN/TC 263 as one of a series of standards for secure storage of cash, valuables and data media. Other standards in the series are, among others:
- EN 1047-1, Secure storage units — Classification and methods of test for resistance to fire — Part 1: Data cabinets and diskette inserts
- EN 1047-2, Secure storage units — Classification and methods of test for resistance to fire — Part 2: Data rooms and data container
- EN 1143-1, Secure storage units — Requirements, classification and methods of test for resistance to burglary — Part 1: Safes, ATM safes, strongroom doors and strongrooms
- EN 1143-2, Secure storage units — Requirements, classification and methods of test for resistance to burglary — Part 2: Deposit systems
- EN 14450, Secure storage units — Requirements, classification and methods of test for resistance to burglary — Secure safe cabinets
According to the CEN-CENELEC Internal Regulations, the national standards organizations of the following countries are bound to implement this European Standard: Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and the United Kingdom.



Introduction

This European Standard also specifies requirements for high security electronic locks (HSL) which are controlled remotely. Regarding distributed systems, this standard responds to the state of the art requirements when it was written down. It is mandatory that the standard has to be revised with a frequency of 3 years as the research in the area of cryptography and relevant attacks evolve with high speed as well as the referenced standards.



1 Scope

This European Standard specifies requirements for high security locks (HSL) for reliability, resistance to burglary and unauthorized opening with methods of testing. It also provides a scheme for classifying HSL in accordance with their assessed resistance to burglary and unauthorized opening.
It applies to mechanical and electronic HSL. The following features may be included as optional subjects but they are not mandatory:
a) recognized code for preventing code altering and/or enabling/disabling parallel codes;
b) recognized code for disabling time set up;
c) integration of alarm components or functions;
d) remote control duties;
e) resistance to attacks with acids;
f) resistance to X-rays;
g) resistance to explosives;
h) time functions.

2 Normative references

The following documents, in whole or in part, are normatively referenced in this document and are indispensable for its application. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.
EN 1143-1, Secure storage units — Requirements, classification and methods of test for resistance to burglary — Part 1: Safes, ATM safes, strongroom doors and strongrooms
EN 60068-2-1:2007, Environmental testing — Part 2-1: Tests — Test A: Cold (IEC 60068-2-1:2007)
EN 60068-2-2:2007, Environmental testing — Part 2-2: Tests — Test B: Dry heat (IEC 60068-2-2:2007)
EN 60068-2-6:2008, Environmental testing — Part 2-6: Tests — Test Fc: Vibration (sinusoidal) (IEC 60068-2-6:2007)
EN 60068-2-17:1994, Environmental testing — Part 2: Tests — Test Q: Sealing (IEC 60068-2-17:1994)
EN 61000-4-2, Electromagnetic compatibility (EMC) — Part 4-2: Testing and measurement techniques — Electrostatic discharge immunity test (IEC 61000-4-2)
EN 61000-4-3, Electromagnetic compatibility (EMC) — Part 4-3: Testing and measurement techniques — Radiated, radio-frequency, electromagnetic field immunity test (IEC 61000-4-3)
EN 61000-4-4, Electromagnetic compatibility (EMC) — Part 4-4: Testing and measurement techniques — Electrical fast transient/burst immunity test (IEC 61000-4-4)
EN 61000-4-5, Electromagnetic compatibility (EMC) — Part 4-5: Testing and measurement techniques — Surge immunity test (IEC 61000-4-5)
EN 61000-4-6, Electromagnetic compatibility (EMC) — Part 4-6: Testing and measurement techniques — Immunity to conducted disturbances, induced by radio-frequency fields (IEC 61000-4-6)
EN ISO 6988, Metallic and other non-organic coatings — Sulfur dioxide test with general condensation of moisture (ISO 6988)
ISO/IEC 9798-1:2010, Information technology — Security techniques — Entity authentication — Part 1: General
ISO/IEC 9798-2, Information technology — Security techniques — Entity authentication — Part 2: Mechanisms using symmetric encipherment algorithms
ISO/IEC 9798-4, Information technology — Security techniques — Entity authentication — Part 4: Mechanisms using a cryptographic check function

3 Terms and definitions

For the purposes of this document, the following terms and definitions apply.

3.1 High Security Lock (HSL)
independent assembly normally fitted to doors of secure storage units
Note 1 to entry: Codes can be entered into an HSL for comparison with memorized codes (processing unit). A correct match of an opening code allows movement of a blocking feature.

3.2 code
identification information required which can be entered into a HSL and which, if correct, enables the security status of the HSL to be changed

3.2.1 opening code
identification information which allows the HSL to be opened

3.2.2 recognized code
identification information which allows access to the processing unit and which may also be an opening code

3.2.3 duress code
parallel code which initiates some additional function

3.2.4 parallel code
opening code which has identical function to that of an existing opening code but constructed of different figures

3.3 coding means
method by which the code is held

3.3.1 material code
code defined by the physical features or other properties of a token



3.3.2 mnemonic code
remembered code consisting of numeric and/or alphabetic information

3.3.3 biometric code
code comprising human characteristics

3.3.4 one time code
code changing after each use generated by use of an algorithm

3.4 input unit
part of an HSL which communicates codes to a processing unit

3.5 processing unit
part of an HSL which evaluates whether the input code is correct and enables or prevents movement of a locking device

3.6 locking device
bolt stump or bolt stumps which form part of an HSL which enables or prevents movement of a blocking feature

3.7 token
object whose physical form or properties defines a recognized code, e.g. a key
Note 1 to entry: An electronic token incorporates an integrated circuit containing volatile and non-volatile memory, associated software and in many cases a microcontroller which communicates with an input unit by contact or contactless means.

3.8 mechanical HSL
HSL which is secured by means of mechanical elements only

3.9 electronic HSL
HSL which is secured partly or fully by electrical or electronic elements

3.10 blocking feature
part of a HSL which, after inputting the correct opening code moves, or can be moved
Note 1 to entry: A blocking feature either secures a door or prevents movement of a boltwork. The bolt of a mechanical lock is an example of a blocking feature.

3.11 destructive burglary
attack which damages the HSL in such a manner that it is irreversible and cannot be hidden from the authorized user

3.12 reliability
ability to function and achieve the security requirements of this standard after a large number of duty cycles



3.13 manipulation
method of attack aimed at removing the blocking function without causing damage obvious to the user
Note 1 to entry: A HSL may function after manipulation although its security could be permanently degraded.

3.14 spying
attempt to obtain unauthorized information

3.15 usable codes
codes or tokens permitted by the manufacturer and conforming to the requirements of this standard
Note 1 to entry: For mechanical HSL the number of usable codes is much less than the total number of codes to which the HSL can be set.

3.16 scrambled condition
coding elements are not in the configuration necessary for the HSL to be opened without entering the complete correct code or proper token

3.17 locking sequence
series of actions which start with an open door and are complete when the door is closed, bolted, locked and secure

3.18 open door
door is not in its frame

3.19 closed door
door is within its frame ready for throwing its bolt(s)

3.20 bolted door
bolts are thrown

3.21 locked door
boltwork cannot be withdrawn because of the HSL

3.22 secured door
door is closed, bolted and locked with an HSL in the secured HSL condition

3.23 secured HSL condition
blocking feature is thrown and can only be withdrawn after entering the opening code(s)

3.24 normal condition
after testing, the HSL specimen is in the secured HSL condition, and all design functions are operating

3.25 operating condition
after testing, the HSL specimen is in the secured HSL condition and can be unlocked with the opening code(s), but not all design functions are operable



3.26 fail secure
after testing, the HSL specimen is in the secured HSL condition, but not all design functions are operable therefore it cannot be unlocked with the opening code(s)

3.27 resistance unit (RU)
value for burglary and manipulation resistance
Note 1 to entry: It shows a calculated result from using a tool with a certain value over a period of time.

3.28 penalty time
time delay because of time exceeding the limit of trials

3.29 authentication
method to prevent fraud by ensuring that communication with components of a distributed system can only be established after the identity of the components have been properly confirmed

3.30 cryptographic algorithm
mathematical method for the transformation of data that includes the definition of parameters (e.g. key length and number of iterations or rounds)

3.30.1 asymmetric cryptographic algorithm
cryptographic algorithm that uses two related keys, a public key and a private key, which have the property that deriving the private key from the public key is computationally infeasible

3.30.2 symmetric cryptographic algorithm
cryptographic algorithm that uses a single secret key for both encryption and decryption

3.31 cryptographic key
parameter used in conjunction with a cryptographic algorithm which is used to control a cryptographic process such as encryption, decryption or authentication
Note 1 to entry: Knowledge of an appropriate key allows correct en- and/or decryption or validation of a message.

3.32 cryptographic module
set of hardware and software that implements security functions for distributed systems and electronic tokens including cryptographic algorithms

3.33 distributed system
system with components connected by a transmission system, wired or wireless
Note 1 to entry: It is assumed that the transmitted information can be accessed by a third party. A high security lock with components in separate locations is defined as distributed system. A lock system with two input units, one on the safe and the other remote (= distributed input unit) is an example of a distributed system. An electronic lock with a non-accessible transmission system in the sense of 5.1.5.3 of this standard or with a temporary on-site wired connection to a mobile device (e.g. Personal Computer) supervised by an authorized person is not considered as a distributed system.



3.34 encryption
procedure that renders the contents of a message or file unintelligible to anyone not authorized to read it
Note 1 to entry: During the encryption procedure, a cryptographic algorithm using the cryptographic key is used to transform plaintext into cipher text. This procedure is composed of:
- the mode of operation, describing the way to process data with the algorithm;
- the padding scheme, describing the way to fill up data strings to a defined length.

3.35 transmission system
communication system between the elements of a distributed system
Note 1 to entry: Dedicated lines, wired and wireless public switched networks may be used as the transmission path.

3.36 security relevant information
codes according to 3.2, authentications, any code or key transmissions and changes as well as firmware updates of processing units

3.37 automatic key exchange
cryptographic protocol that allows two components that could have no prior knowledge of each other to jointly establish a shared secret key over an insecure communications channel

3.38 availability
proportion of time a system is in functioning condition

4 Classification

HSL are classified to an HSL class (A, B, C or D) according to Table 1, Table 2 and Table 3 by their security requirements. General requirements (see 5.1 and 5.2, 5.3) security and reliability requirements shall be met.
NOTE HSL class A has the lowest requirements and HSL class D has the highest requirements.

5 Requirements

5.1 General requirements
All requirements shall be tested according to 8.1.2.

5.1.1 Requirements for all classes
5.1.1.1 HSL shall only be opened by valid opening codes. The opening code(s) shall be retained as the only valid opening code(s) until deliberately reset. Overlaying or undocumented code(s) are not permitted.
5.1.1.2 Where mnemonic codes are used with a HSL these shall be able to be changed.
5.1.1.3 Any supplementary device (e.g. micro switch) which is fitted by the HSL manufacturer shall not be capable of being used to obtain information about the code.
5.1.1.4 An input unit is a necessary part of a HSL although one input unit may operate more than one HSL (processing unit). Each HSL shall have a processing unit to validate the correct code from the input unit.



Each HSL shall also incorporate a blocking feature or be capable of causing movement of a blocking feature. If this feature has to be activated before first use a note to this effect is to be included in the instructions for the use of the lock.
5.1.1.5 If the blocking feature is not moved manually there shall be a means of indicating whether the HSL has been secured, locked and scrambled.
5.1.1.6 An opening code shall not be capable of being altered or being changed other than by a recognized code.

5.1.2 Class D HSL
5.1.2.1 Means shall be provided by which the locking status, locked or unlocked, is made obvious.
5.1.2.2 A mechanical combination HSL shall be in a scrambled condition after locking.
5.1.2.3 A class D HSL shall contain a device which indicates the scrambled condition.

5.1.3 Mechanical Key Operated HSL
5.1.3.1 For class A HSL (see Clause 4), the same code shall not be repeated until at least 80 % of the usable codes have been used.
5.1.3.2 Codes (and sets of code tokens) shall be chosen at random.
5.1.3.3 There shall be no number or marking on either token or HSL which identifies the code. Also no legitimization card shall be issued.
5.1.3.4 It shall not be possible to remove the key from a HSL whilst that HSL is in the open position except for code changing. This requirement is applicable to all classes. Note that it is acceptable for this feature to be activated immediately prior to the first use of the HSL.
5.1.3.5 The key shall not break under the applied maximum torque of 2,5 Nm. The test is to be conducted according to 8.2.1.4.
5.1.3.6 In addition to the foregoing requirements the manufacturer is also to complete the declaration set out in Annex C.

5.1.4 Lift heights for mechanical key locks
5.1.4.1 Usable codes shall not have more than 40 % of the coding elements (levers) of the same lift height.
5.1.4.2 Usable codes shall not have more than two neighbouring elements, e.g. two levers next to each other, with the same lift height.
5.1.4.3 In usable codes, the difference between the highest and lowest lift height shall be more than 60 % of the maximum lift height difference of the HSL.

5.1.5 Electronic HSL
5.1.5.1 Electronic HSL as of class B and with more than 2 user codes shall retain the records of the opening events used according to Table 1 and shall have the means to retain the record for at least 1 year, even in the event of a power failure.
5.1.5.2 When the electronic HSL is secured further communication with the processing unit shall only be possible by inputting a recognized code and to display the lock status.



5.1.5.3 For non-distributed systems all component parts of the input unit shall be fixed to the secure storage unit. With the input unit being fixed to the secure storage unit the cabling from input unit to processing unit has to be non accessible.
5.1.5.4 In class C and D any manipulation or replacement of the input unit shall generate an audit entry and automatically display information to the user at each use until it’s neutralized by an authorized person.
5.1.5.5 If the Penalty Time is active there shall be a clear indication, in all classes of HSL, to the user.
5.1.5.6 Low Battery Indication: battery powered locks shall be able to operate for at least 3 000 complete lock openings. The battery capacity shall be monitored. In the case of a low battery/low batteries an audible or visual signal shall occur during or immediately after an opening process. After the first low battery signal at least ten (10) complete opening and locking processes shall still be possible. Where it is possible to connect power from the outside it will not be necessary to meet this requirement.
5.1.5.7 The processing unit for code evaluation shall be located inside the secure storage unit.
5.1.5.8 As of class B, electronic HSL have to be tested against influences by power supply according to 8.2.5.

5.1.6 Electronic tokens

5.1.6.1 General
The manufacturer has to give a statement in his manuals that electronic tokens have to be secured as mechanical keys.

5.1.6.2 Contactless electronic tokens

5.1.6.2.1 General
The following requirements for contactless electronic tokens are only applicable for near field communication devices, where a typical operation range is less than 15 cm, e.g. NFC or Mifare. If the typical distance between electronic token and input unit for data transmission is more than 15 cm or the electronic token is used for a class D HSL, the requirements of distributed systems as in 5.1.7 shall be met.
NOTE Optical systems are considered to be distributed systems. An example for a contactless electronic token is RFID card.

5.1.6.2.2 Mutual authentication
Mutual authentication according to ISO/IEC 9798-2 or ISO/IEC 9798-4 shall be used. The time variant parameter such as time stamp, sequence numbers or random numbers to prevent valid authentication information from being accepted at a later time or more than once (see ISO/IEC 9798-1:2010, Annex B) shall have at least 32 bits. In addition to mutual authentication a valid opening code has to be used to open the HSL.

5.1.6.2.3 Cryptographic key
The cryptographic key for symmetric algorithms shall have a minimum length of 64 bits for classes A and B and 128 bits for classes C and D and shall be intended only for the specific HSL model. Asymmetric algorithms shall have comparable key lengths with regard to the security level (NIST SP 800-57). The cryptographic key for symmetric algorithms or the private key for asymmetric algorithms shall never be sent out of the token. It may be part of the transmitted communication data into the electronic token for initialising purposes. The initialization process has to be done by an authorized person in a secure environment. This has to be stated in the user instructions.
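An added example, not part of EN 1300 or of any lock vendor's code: a three-pass challenge-response between a lock and a contactless token that applies the limits of 5.1.6.2.2 and 5.1.6.2.3, with HMAC-SHA-256 standing in for the cryptographic check function. The class names, message layout and sample identifiers are assumptions; the exact token formats of ISO/IEC 9798-4 are not reproduced.

```python
"""Mutual authentication sketch for a lock and a contactless token.
Names, message layout and sample values are constructed for this example."""
import hashlib
import hmac
import secrets

MIN_KEY_BITS = {"A": 64, "B": 64, "C": 128, "D": 128}  # 5.1.6.2.3
MIN_NONCE_BITS = 32                                     # 5.1.6.2.2


class AuthError(Exception):
    """A peer failed authentication or a message was replayed."""


def _mac(key: bytes, *fields: bytes) -> bytes:
    # Length-prefix every field so field boundaries cannot be shifted.
    msg = b"".join(len(f).to_bytes(2, "big") + f for f in fields)
    return hmac.new(key, msg, hashlib.sha256).digest()


class Peer:
    """Identity, shared key (never exported) and a single-use nonce."""

    def __init__(self, ident: bytes, key: bytes, hsl_class: str, nonce_bits: int = 64):
        if len(key) * 8 < MIN_KEY_BITS[hsl_class]:
            raise ValueError(f"class {hsl_class} key below {MIN_KEY_BITS[hsl_class]} bits")
        if nonce_bits < MIN_NONCE_BITS or nonce_bits % 8:
            raise ValueError("time variant parameter must be >= 32 bits")
        self.ident = ident
        self._key = key
        self._nonce_len = nonce_bits // 8
        self._own_nonce = None

    def _fresh_nonce(self) -> bytes:
        self._own_nonce = secrets.token_bytes(self._nonce_len)
        return self._own_nonce


class Lock(Peer):
    def __init__(self, ident, key, hsl_class, opening_code: str, **kw):
        super().__init__(ident, key, hsl_class, **kw)
        self._code = opening_code.encode()
        self._token_ok = False

    def pass1_challenge(self) -> bytes:
        self._token_ok = False
        return self._fresh_nonce()

    def pass3_verify(self, token_id: bytes, r_token: bytes, mac_token: bytes) -> bytes:
        r_lock, self._own_nonce = self._own_nonce, None  # consume the challenge
        if r_lock is None or len(r_token) * 8 < MIN_NONCE_BITS:
            raise AuthError("no outstanding challenge or short nonce")
        expected = _mac(self._key, b"T->L", r_token, r_lock, self.ident)
        if not hmac.compare_digest(expected, mac_token):
            raise AuthError("token failed authentication")
        self._token_ok = True
        return _mac(self._key, b"L->T", r_lock, r_token, token_id)

    def open(self, code: str) -> bool:
        # Authentication alone is not enough: the opening code is still needed.
        ok = self._token_ok and hmac.compare_digest(self._code, code.encode())
        self._token_ok = False  # one opening attempt per authentication
        return ok


class Token(Peer):
    def pass2_respond(self, lock_id: bytes, r_lock: bytes):
        if len(r_lock) * 8 < MIN_NONCE_BITS:
            raise AuthError("lock challenge shorter than 32 bits")
        self._peer = (lock_id, r_lock)
        r_token = self._fresh_nonce()
        return r_token, _mac(self._key, b"T->L", r_token, r_lock, lock_id)

    def finish(self, mac_lock: bytes) -> bool:
        r_token, self._own_nonce = self._own_nonce, None
        if r_token is None:
            raise AuthError("no exchange in progress")
        _, r_lock = self._peer
        expected = _mac(self._key, b"L->T", r_lock, r_token, self.ident)
        if not hmac.compare_digest(expected, mac_lock):
            raise AuthError("lock failed authentication")
        return True


def demo():
    key = secrets.token_bytes(16)  # constructed 128-bit key for a class C lock
    lock = Lock(b"LOCK-01", key, "C", opening_code="271828")
    token = Token(b"TOKEN-7", key, "C")
    r_l = lock.pass1_challenge()
    r_t, mac_t = token.pass2_respond(lock.ident, r_l)
    mutual = token.finish(lock.pass3_verify(token.ident, r_t, mac_t))
    opened = lock.open("271828")
    lock.pass1_challenge()  # new session; recorded pass-2 message is replayed
    try:
        lock.pass3_verify(token.ident, r_t, mac_t)
        replay_rejected = False
    except AuthError:
        replay_rejected = True
    return mutual, opened, replay_rejected


if __name__ == "__main__":
    print(demo())
```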



5.1.6.2.4 Identification number
Each electronic token shall have a unique identification number. The identification number shall have a length of at least 32 bits. Normally, the identification number is required for audit purposes only. If the serial number is also used as security relevant information, it shall not be visible on the token.

5.1.6.3 Contacted electronic tokens
Contacted electronic tokens for locks other than class D do not have to meet the same additional requirements as contactless electronic tokens. The manufacturer then has to give a statement in his manuals if any security relevant information is stored unencrypted.
Security relevant information should be stored secure in the token and there should be a secure authentication.

5.1.6.4 Multi-use (only valid for class B, C and D)
If the electronic token is designed to be used in applications other than the HSL system, the security relevant information shall not be accessible to the other applications. If the electronic token is not protected against multi-use, the following statement shall be included in the manual: Never use this electronic token in applications other than this HSL model.

5.1.7 Requirements for cryptography in distributed security systems

5.1.7.1 Information security

5.1.7.1.1 General
This subclause focuses on confidentiality, authentication, integrity, availability, data transmission, information storage, cryptographic keys and their management.

5.1.7.1.2 Confidentiality
Security relevant information that is transmitted across a distributed system shall be encrypted to prevent unauthorized reading. For security relevant data transmission processes in distributed systems, symmetric algorithms such as TDEA 64 bit block and AES 128 bit block are the minimum requirements according to NIST SP 800-67 and FIPS 197 respectively. The encryption algorithm shall be used in a secure mode of operation such as CBC, CFB or GCM.

5.1.7.1.3 Authentication
Authentication is required to start communication between devices of a distributed system. The authentication method has to be described by the manufacturer.

5.1.7.1.4 Integrity
It shall be ensured that data has not been altered in an unauthorized manner since it was created, transmitted or stored. This includes the insertion, deletion and substitution of data. Accepted methods for ensuring integrity are MAC algorithms or digital signatures.

5.1.7.1.5 Availability
If a distributed system is temporarily not available this condition shall not compromise the level of security.



5.1.7.1.6 Security relevant information storage
For storage of security relevant information in HSL class A, lower or no cryptographic concepts than mentioned in 5.1.7.1.2 may be chosen.

5.1.7.1.7 Cryptographic key management
Cryptographic keys shall be protected against unauthorized access. The method of storing, creating, transmitting and accessing the cryptographic keys has to be described by the manufacturer. These requirements also apply to the manufacturer
...
