1. Home
  2. Moldova standards
  3. STM
  4. St ISO 10202-4-1996

ISO 10202-4-1996 PDF

St ISO 10202-4-1996

Name in English:
St ISO 10202-4-1996

Name in Russian:
Ст ISO 10202-4-1996

Description in English:

Original standard ISO 10202-4-1996 in PDF full version. Additional info + preview on request

Description in Russian:
Оригинальный стандарт ISO 10202-4-1996 в PDF полная версия. Дополнительная инфо + превью по запросу
Document status:
Active
Format:
Electronic (PDF)
Delivery time (for English version):
1 business day
Delivery time (for Russian version):
365 business days
SKU:
stiso00224
Choose Document Language:
€25

Full title and description

Financial transaction cards — Security architecture of financial transaction systems using integrated circuit cards — Part 4: Secure application modules (ISO 10202-4:1996). Specifies minimum security requirements and lifecycle considerations for Secure Application Modules (SAMs) used with Card Accepting Devices (CADs) in financial transaction systems.

Abstract

ISO 10202-4:1996 defines the security objectives and minimum requirements for the preparation, initialization, activation, use, deactivation and key management of Secure Application Modules (SAMs). It covers the SAM’s role in storing application-related and cryptographic information, SAM–CAD interfaces, and requirements intended to protect cryptographic keys and transaction processing functions.

General information

  • Status: Withdrawn.
  • Publication date: February 1996 (1996-02).
  • Publisher: International Organization for Standardization (ISO).
  • ICS / categories: 35.240.15 (Identification cards; chip cards).
  • Edition / version: Edition 1 (1996).
  • Number of pages: 15 pages (official ISO record).

Scope

Defines minimum security requirements for the lifecycle of a Secure Application Module (SAM) that can be added to a Card Accepting Device (CAD). The standard addresses SAM preparation and manufacturing controls, initialization and activation procedures, permitted operations during use, deactivation and end-of-life, the SAM–CAD interface characteristics, and key loading/replacement processes. It explicitly excludes the relationship between SAM providers and hosts beyond the SAM lifecycle requirements.

Key topics and requirements

  • Minimum lifecycle security requirements for SAMs: manufacture, initialization, activation, operation, deactivation and dismantling.
  • Cryptographic key management: secure loading, replacement and storage of keys used by the SAM (references to ISO 10202-3 for key material).
  • Interfaces and protocol conformance between SAM and CAD; alignment with ISO/IEC 7816 electrical and protocol characteristics.
  • Security rules to ensure SAM operations or data do not compromise other systems or SAM instances.
  • Requirements for verification of manufacturing integrity and secure procedures for initialization and activation.

Typical use and users

Used by payment-card system architects, SAM manufacturers and suppliers, acquirers and issuers, terminal (CAD) manufacturers, application providers, and security engineers responsible for implementing or auditing cryptographic modules and secure key management processes in card-based financial transaction systems. The standard is aimed at stakeholders designing or operating SAM-enabled payment terminals and related back-end processes.

Related standards

Part of the ISO 10202 series on financial transaction cards (other parts address card lifecycle, transaction processes, key material, authentication, etc.). ISO 10202-3 and ISO 10202-5 are directly relevant for key material and authentication procedures; ISO/IEC 7816 parts (electrical, physical and APDU protocols) are referenced for SAM–ICC/CAD interfaces. Note: ISO 10202-4:1996 has an associated technical corrigendum (ISO 10202-4:1996/Cor 1:1999) and the part has been withdrawn in subsequent ISO lifecycle actions.

Keywords

Secure Application Module (SAM), Card Accepting Device (CAD), integrated circuit card (ICC), payment cards, cryptographic key management, lifecycle security, ISO 10202, ISO/IEC 7816.

FAQ

Q: What is this standard?

A: ISO 10202-4:1996 is an ISO International Standard that specified minimum security and lifecycle requirements for Secure Application Modules used with card-accepting devices in financial transaction systems.

Q: What does it cover?

A: It covers SAM preparation (manufacture and initialization), activation, operational use, deactivation/end-of-life, SAM–CAD interfaces, and procedures for loading and replacing cryptographic keys. It is focused on protecting cryptographic material and ensuring SAM operations do not compromise other systems.

Q: Who typically uses it?

A: Card issuers, acquirers, SAM and terminal manufacturers, payment application suppliers, and security architects or auditors working on card-based payment systems.

Q: Is it current or superseded?

A: ISO 10202-4:1996 is recorded as withdrawn in the ISO lifecycle; a technical corrigendum was issued in 1999 (ISO 10202-4:1996/Cor 1:1999) and the part was later withdrawn per ISO records. Users should verify current applicable standards or newer replacements when implementing SAM security.

Q: Is it part of a series?

A: Yes — it is one part of the ISO 10202 series addressing security architecture for financial transaction cards (other parts address card lifecycle, transaction processes, key material and authentication). Implementers are expected to consider the related parts (e.g., ISO 10202-1, -2, -3, -5) alongside Part 4.

Q: What are the key keywords?

A: Secure Application Module (SAM), Card Accepting Device (CAD), cryptographic keys, lifecycle security, payment cards, ISO 10202, ISO/IEC 7816.