Current ISO 23195:2021
Security objectives of information systems of third-party payment services
Publication date: 2021-06-11
This document defines a common terminology to be used in the context of third-party payment (TPP). Next, it establishes two logical structural models in which the assets to be protected are clarified. Finally, it specifies security objectives based on the analysis of the logical structural models and the interaction of the assets affected by threats, organizational security policies and assumptions. These security objectives are set out in order to counter the threats resulting from the intermediary nature of TPPSPs offering payment services compared with simpler payment models where the payer and the payee directly interact with their respective account servicing payment service provider (ASPSP).
This document assumes that TPP-centric payments rely on the use of TPPSP credentials and the corresponding certified processes for issuance, distribution and renewal purposes. However, security objectives for such processes are out of the scope of this document.
NOTE: This document is based on the methodology specified in the ISO/IEC 15408 series. Therefore, the security matters that do not belong to the TOE are dealt with as assumptions, such as the security required by an information system that provides TPP services and the security of communication channels between the entities participating in a TPP business.
Development information
Responsible committee: ISO/TC 68/SC 2