1. Home
  2. Moldova standards
  3. STM
  4. St ISO 10202-3-1998

ISO 10202-3-1998 PDF

St ISO 10202-3-1998

Name in English:
St ISO 10202-3-1998

Name in Russian:
Ст ISO 10202-3-1998

Description in English:

Original standard ISO 10202-3-1998 in PDF full version. Additional info + preview on request

Description in Russian:
Оригинальный стандарт ISO 10202-3-1998 в PDF полная версия. Дополнительная инфо + превью по запросу
Document status:
Active
Format:
Electronic (PDF)
Delivery time (for English version):
1 business day
Delivery time (for Russian version):
365 business days
SKU:
stiso00223
Choose Document Language:
€25

Full title and description

ISO 10202-3:1998 — Financial transaction cards — Security architecture of financial transaction systems using integrated circuit cards — Part 3: Cryptographic key relationships. Specifies cryptographic key-relationship requirements and options for security architectures used with integrated circuit (chip) cards in financial transaction systems.

Abstract

This part of ISO 10202 defines minimum requirements and selectable options for establishing and maintaining cryptographic key relationships between the entities involved in the life cycles of integrated circuit cards (ICCs) and secure application modules (SAMs) used in financial transaction systems. It covers symmetric and asymmetric key relationships, methods for establishing mutual secret keys, and how key relationships are applied during card and SAM manufacture, personalization, issuance and transaction processing.

General information

  • Status: Withdrawn / Annulée (withdrawn by ISO).
  • Publication date: July 1998 (1998-07).
  • Publisher: International Organization for Standardization (ISO).
  • ICS / categories: 35.240.15 — Identification cards; chip cards; biometrics.
  • Edition / version: Edition 1 (1998).
  • Number of pages: 25 (published edition length varies by national reproduction; commonly cited as 25 pages).

Scope

Defines the minimum cryptographic key-relationship requirements for security architectures of financial transaction systems that use integrated circuit cards. The standard describes the types of key relationships (symmetric mutual secret keys and appropriate keys from asymmetric pairs), when and how relationships may be established across card and SAM lifecycles, and provides options from which card issuers or application suppliers select the key-relationship schemes appropriate to their application and operational model.

Key topics and requirements

  • Definitions and terminology for cryptographic key relationships in ICC and SAM environments.
  • Minimum requirements for establishing mutual secret keys for symmetric algorithms.
  • Use of public/secret key pairs for asymmetric key relationships where appropriate.
  • Key relationship options to be chosen by card issuers or application suppliers based on operational needs.
  • Application of key relationships across card life cycle and SAM life cycle stages (manufacture, personalization, issuance, operation).
  • Normative annexes specifying required elements and informative annexes providing guidance/examples (annex structure described in the published part).

Typical use and users

Used by security architects, card issuers, payment schemes, application providers, SAM manufacturers, personalization bureaus, payment processors, and auditors to design and assess key-establishment relationships and policies for chip-card based financial transaction systems. Also of interest to national standards bodies and implementers aligning proprietary schemes with international practices.

Related standards

ISO 10202 is a multipart series; related parts include ISO 10202-1 (Card life cycle), ISO 10202-2 (Transaction process), ISO 10202-4 (Secure application modules), ISO 10202-5 (Use of algorithms), ISO 10202-7 (Key management), ISO 10202-8 (General principles and overview), and other card/ICC standards such as ISO/IEC 7816 (integrated circuit cards) and industry specifications (e.g., EMV) that address complementary aspects of card security and transaction processing.

Keywords

Financial transaction cards, integrated circuit cards (ICCs), cryptographic key relationships, key establishment, symmetric keys, asymmetric keys, SAM, card life cycle, personalization, payment security.

FAQ

Q: What is this standard?

A: ISO 10202-3:1998 is Part 3 of the ISO 10202 series that specifies cryptographic key-relationship requirements for the security architecture of financial transaction systems using integrated circuit (chip) cards.

Q: What does it cover?

A: It covers the types of key relationships (mutual secret keys for symmetric algorithms and appropriate keys from asymmetric pairs), when and how those relationships are established during card and SAM life cycles, and options for implementers to select schemes suitable for their operational environment.

Q: Who typically uses it?

A: Card issuers, payment scheme architects, SAM and ICC manufacturers, personalization bureaus, payment processors, security auditors, and standards bodies concerned with chip-card payment security.

Q: Is it current or superseded?

A: ISO 10202-3:1998 has been withdrawn (the publication is listed as withdrawn/annulée by ISO; national implementations indicate withdrawal/cancellation dates, e.g. formal withdrawal actions completed in the 2000s). Implementers should consult current ISO work and relevant industry specifications (such as EMV and later ISO/IEC standards) for up-to-date requirements.

Q: Is it part of a series?

A: Yes — ISO 10202 is a multipart standard covering security architecture for financial transaction systems using integrated circuit cards; Part 3 is the cryptographic key relationships part within that series.

Q: What are the key keywords?

A: Cryptographic key relationships, ICC, SAM, payment card security, symmetric key, asymmetric key, key management, card life cycle.