• BS ISO 10202-7:1998

    Withdrawn

    Financial transaction cards. Security architecture of financial transaction systems using integrated circuit cards. Key management

    Available format(s):  Hardcopy, PDF

    Withdrawn date:  01-12-2004

    Language(s):  English

    Published date:  15-04-2000

    Publisher:  British Standards Institution

    Table of Contents

    1 Scope
    2 Normative references
    3 Definitions
          3.1 Definitions
          3.2 Abbreviations
    4 General security principles
    5 ICC systems key management requirements
          5.1 ICC and SAM life cycle
          5.2 Key life cycle protection
          5.3 Key separation
          5.4 Key management services
          5.5 Key relationships
          5.6 On-line transaction processing
          5.7 Off-line transaction processing using a SAM
          5.8 CDF and ADF keys
          5.9 Physical security
          5.10 CADs without a SAM
    6 ICC systems cryptographic keys
          6.1 Definition of cryptographic keys
          6.2 Key hierarchy
    7 Key life cycle
          7.1 Key generation
          7.2 Key storage
          7.3 Key backup
          7.4 Key distribution and loading
          7.5 Key use
          7.6 Key replacement
          7.7 Key destruction
          7.8 Key deletion
          7.9 Key archive
          7.10 Key termination
          7.11 Reserve keys
    8 Key management service
          8.1 Key encipherment
          8.2 Key derivation
          8.3 Key offsetting
          8.4 Key notarization
          8.5 Key tagging
          8.6 Key verification
          8.7 Key identification
                 8.7.1 Implicit key identification
                 8.7.2 Explicit key identification
          8.8 Controls and audits
    9 ICC and SAM key loading processes
          9.1 Loading of initial symmetric keys
          9.2 Loading of production keys
          9.3 Loading of issuer keys
          9.4 Loading of ADF keys
          9.5 Loading of public keys
          9.6 Loading of secret keys of asymmetric algorithms
          9.7 Generation of asymmetric public/secret key pairs
          9.8 Test keys
    10 Symmetric key management techniques
          10.1 Derivation of ICC and SAM keys
          10.2 Key Management Technique 1: Static data keys
          10.3 Key Management Technique 2: Session keys
          10.4 Key Management Technique 3: Unique message keys
          10.5 Length of keys
    11 Asymmetric key management techniques
          11.1 Use of asymmetric key management in a CAD with a
                 SAM
          11.2 Use ofout a SAM
          11.3 Public key certification requirements
          11.4 Secure storage of secret keys
          11.5 Secure storage of public keys
          11.6 Exchange of certified public keys
          11.7 Key length
          11.8 Secure protocols
    12 Combined asymmetric/symmetric key management
          12.1 Basic requirement
          12.2 Exchange of symmetric keys
    Annex A (informative) Examples of card life cycle using
                          symmetric key management
    Annex B (informative) Examples of symmetric key management
                          techniques 1, 2 and 3
    Annex C (informative) Example of transaction processing key
                          management using symmetric key
                          management technique 3 with implicit
                          key identification
    Annex D (informative) Example of transaction processing key
                          management using public key management
                          in a CAD with a SAM
    Annex E (informative) Example of transaction processing key
                          management using public key management
                          in a CAD without a SAM

    Abstract

    Defines key management requirements for financial transaction systems using integrated circuit cards. Specifies procedures and processes for the secure management of cryptographic keys used during the card life cycle and transaction processing in an integrated circuit card environment. Asymmetric and symmetric key management schemes are addressed. Minimum key management requirements are specified.

    General Product Information

    Committee:  IST/12
    Development Note:  Supersedes 94/647820 DC. (03/2007)
    Document Type:  Standard
    Publisher:  British Standards Institution
    Status:  Withdrawn

    Standards Referencing This Book

    ISO 7812:1987 Identification cards — Numbering system and registration procedure for issuer identifiers
    ISO/IEC 7812-2:2017 Identification cards — Identification of issuers — Part 2: Application and registration procedures
    ISO 10202-8:1998 Financial transaction cards Security architecture of financial transaction systems using integrated circuit cards Part 8: General principles and overview
    ISO 11568-2:2012 Financial services — Key management (retail) — Part 2: Symmetric ciphers, their key management and life cycle
    ISO 11568-6:1998 Banking Key management (retail) Part 6: Key management schemes
    ISO 13491-1:2016 Financial services Secure cryptographic devices (retail) Part 1: Concepts, requirements and evaluation methods
    ISO 10202-3:1998 Financial transaction cards Security architecture of financial transaction systems using integrated circuit cards Part 3: Cryptographic key relationships
    ISO/IEC 7816-4:2013 Identification cards Integrated circuit cards Part 4: Organization, security and commands for interchange
    ISO 10202-6:1994 Financial transaction cards Security architecture of financial transaction systems using integrated circuit cards Part 6: Cardholder verification
    ISO 11568-1:2005 Banking — Key management (retail) — Part 1: Principles
    ISO/IEC 7816-3:2006 Identification cards — Integrated circuit cards — Part 3: Cards with contacts — Electrical interface and transmission protocols
    ISO 9992-1:1990 Financial transaction cards Messages between the integrated circuit card and the card accepting device Part 1: Concepts and structures
    ISO 10202-2:1996 Financial transaction cards Security architecture of financial transaction systems using integrated circuit cards Part 2: Transaction process
    ISO/IEC 7812-1:2017 Identification cards — Identification of issuers — Part 1: Numbering system
    ISO 11568-4:2007 Banking — Key management (retail) — Part 4: Asymmetric cryptosystems — Key management and life cycle
    ISO 11568-3:1994 Banking Key management (retail) Part 3: Key life cycle for symmetric ciphers
    ISO/IEC 7816-5:2004 Identification cards — Integrated circuit cards — Part 5: Registration of application providers
    ISO 10202-5:1998 Financial transaction cards Security architecture of financial transaction systems using integrated circuit cards Part 5: Use of algorithms
    ISO 11568-5:1998 Banking Key management (retail) Part 5: Key life cycle for public key cryptosystems
    ISO/IEC 9796:1991 Information technology Security techniques Digital signature scheme giving message recovery