ISO 10202-5-1998 PDF

Full title and description

ISO 10202-5:1998 — Financial transaction cards — Security architecture of financial transaction systems using integrated circuit cards — Part 5: Use of algorithms. This part of ISO 10202 specifies cryptographic processes and algorithm usage for financial transaction systems in which at least one node is an integrated circuit card (ICC) or a secure application module (SAM); it describes available cryptographic exchanges and algorithmic functions to support the security services defined in other parts of ISO 10202.

Abstract

Part 5 of ISO 10202 defines how cryptographic algorithms are applied within the security architecture for ICC-based financial transaction systems. It covers algorithm selection and use for authentication, message integrity, confidentiality and related cryptographic exchanges between cards, terminals and backend nodes where an ICC or SAM participates; annexes provide informative guidance. The standard makes cryptographic functions optional where system requirements do not demand them and references normative documents for specific algorithm definitions.

General information

• Status: Withdrawn (withdrawal recorded; different member bodies report withdrawal/withdrawn-from-sale status).
• Publication date: July 1998 (Edition 1, published July 1998).
• Publisher: International Organization for Standardization (ISO).
• ICS / categories: 35.240.15 (Identification cards; chip cards; biometrics).
• Edition / version: Edition 1 (1998).
• Number of pages: 47 pages (ISO bibliographic entry).

Scope

This part of ISO 10202 applies to cryptographic exchanges in financial transaction systems where at least one node involved in the exchange is an ICC or a SAM. Exchanges that do not involve an ICC or SAM are outside the scope. The document specifies how cryptographic services are to be used to support the security functions described in other parts of the ISO 10202 series (transaction process, secure application modules, cardholder verification, etc.). Annexes A–H in the text are informative.

Key topics and requirements

• Definition of cryptographic processes and algorithm usage for ICC-involved exchanges (authentication, integrity, confidentiality).
• Guidance on selection and application of algorithms where required by other ISO 10202 parts (e.g., for transaction processing, cardholder verification, secure application modules).
• Specification that the provision of particular security functions is optional and depends on system requirements.
• Informative annexes providing examples, modes of use and contextual material for implementers.
• Normative references to algorithm definitions and related cryptographic standards (the standard refers implementers to the latest applicable algorithm specifications).

Typical use and users

Primary users include payment scheme architects, card issuers, smart-card application designers, terminal and SAM manufacturers, security architects and certification/test laboratories that design, implement or assess ICC-based financial transaction systems. (This is inferred from the standard’s scope and its development by ISO technical committees for banking/financial services.)

Related standards

ISO 10202-5 is one part of the ISO 10202 series; the series includes Parts 1–8 covering card life cycle, transaction process, cryptographic key relationships, secure application modules, use of algorithms (this part), cardholder verification, key management and general principles/overview. It is also related to smart-card interface and application standards such as ISO/IEC 7816 and payment ecosystem specifications (for example EMV) which specify interoperable command sets, protocols and higher-level payment application behaviour that rely on cryptographic services.

Keywords

financial transaction cards, integrated circuit card (ICC), secure application module (SAM), cryptographic algorithms, message authentication, confidentiality, cardholder verification, key management, ISO 10202, smart card security.

FAQ

Q: What is this standard?

A: ISO 10202-5:1998 is the Part 5 component of the ISO 10202 series that specifies the use of cryptographic algorithms and related cryptographic processes for financial transaction systems employing integrated circuit cards.

Q: What does it cover?

A: It covers the application of cryptographic functions (authentication, integrity, confidentiality), the contexts in which those functions are used when an ICC or SAM participates, and informative guidance (annexes) on algorithm usage; exchanges not involving ICC/SAM are outside its scope.

Q: Who typically uses it?

A: Card issuers, payment scheme designers, terminal and SAM manufacturers, smart-card application developers, test labs and security architects working on ICC-based financial transaction systems. This follows from the standard’s scope and the ISO technical committee remit.

Q: Is it current or superseded?

A: ISO 10202-5:1998 is recorded as withdrawn in ISO bibliographic records. Member bodies and commercial distributors report withdrawal/withdrawn-from-sale status (sources report withdrawal activity at different dates). Implementers should check current ISO catalogues and related active standards (and payment specifications such as EMV) for up-to-date algorithm and security requirements relevant to ICC-based systems.

Q: Is it part of a series?

A: Yes — it is Part 5 of ISO 10202 (the series contains Parts 1 through 8, covering the security architecture for ICC-based financial transaction systems).

Q: What are the key keywords?

A: Financial transaction cards; integrated circuit card (ICC); cryptographic algorithms; message authentication; confidentiality; key management; secure application module (SAM); cardholder verification.