Date: 2025-11-05
ISO/IEC 7816-4:2020/DAM 2:2025(en)
Fourth edition
2020-10-29
ISO/IEC JTC 1/SC 17
Secretariat: BSI
Identification cards — Integrated circuit cards — Part 4: Organization, security and commands for interchange
AMENDMENT 2: Quantum safe cryptography
Cartes d'identification — Cartes à circuit intégré — Partie 4: Organisation, sécurité et commandes pour les échanges
AMENDEMENT 2: Mise à jour des fonctionnalités carte pour le support cryptographie post quantique
© ISO/IEC 2023
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards bodies (ISO member bodies). The work of preparing International Standards is normally carried out through ISO technical committees. Each member body interested in a subject for which a technical committee has been established has the right to be represented on that committee. International organizations, governmental and non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization.
The procedures used to develop this document and those intended for its further maintenance are described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the different types of ISO documents should be noted. This document was drafted in accordance with the editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of any patent rights identified during the development of the document will be in the Introduction and/or on the ISO list of patent declarations received (see www.iso.org/patents).
Any trade name used in this document is information given for the convenience of users and does not constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and expressions related to conformity assessment, as well as information about ISO's adherence to the World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT), see www.iso.org/iso/foreword.html.
This document was prepared by Joint Technical Committee ISO/IEC JTC 1, Information technology, Subcommittee SC 17, Cards and security devices for personal identification.
A list of all parts in the ISO/IEC 7816 series can be found on the ISO website.
Any feedback or questions on this document should be directed to the user’s national standards body. A complete listing of these bodies can be found at www.iso.org/members.html.
Identification cards — Integrated circuit cards —
Part 4: Organization, security and commands for interchange
AMENDMENT 2: Quantum safe cryptography
Page 18, Table 7
Insert the following new row after the row indicating SW1 as ‘62’ and SW2 as ‘87’:
‘62’ (warning) | ‘88’ | Operation or data format not supported |
|
Page 68, Table 56
Change the second row:
‘80’ | Cryptographic mechanism reference (see also algorithm identifier definition in ISO/IEC 7816-8) | x | x | x | x | x | x | x |
Insert the following new rows before the fourth row from the last:
Quantum Safe Cryptography (QSC) related data elements (see ISO/IEC 7816-8) | ||||||||
‘96’ | Descriptor of certificate type (hybrid or not) |
|
|
|
| x |
|
|
‘97’ | Operation sequence indicator (ordering of the operation) | x | x |
| x | x | x | x |
‘98’ | Operation type indicator | x | x |
|
| x |
|
|
‘99’ | Label input in hybrid signature computation | x |
|
|
| x |
|
|
‘9E’ | Flag denoting CRT that includes data elements shared between multiple CRTs. | x | x |
| x | x | x | x |
‘9F01’ | Intermediate hash-code computation indicator |
|
| x |
|
|
|
|
Compound key related data elements (see ISO/IEC 7816-8) | ||||||||
‘9A’ | Compound key indicator | x | x |
| x | x | x | x |
Page 68, Table 57
Insert the following new rows before the last row:
‘92’ | Key establishment scheme (see ISO/IEC 7816-8) |
‘93’ | Key derivation function (see ISO/IEC 7816-8) |
‘94’ | Key confirmation method (see ISO/IEC 7816-8) |
‘95’ | Key combiner algorithm (see ISO/IEC 7816-8) |
‘96’ | Key encapsulation mechanism authentication indicator (see ISO/IEC 7816-8) |
Page 69, Table 58
Change the last row:
- | - | - | - | - | - | x | x | Supported function for key encapsulation mechanism |
- | - | - | - | - | - | 0 | 0 | RFU |
- | - | - | - | - | - | 0 | 1 | Key generation for key encapsulation mechanism (see ISO/IEC 7816-8) |
- | - | - | - | - | - | 1 | 0 | Encapsulation for key encapsulation mechanism (see ISO/IEC 7816-8) |
- | - | - | - | - | - | 1 | 1 | Decapsulation for key encapsulation mechanism (see ISO/IEC 7816-8) |
Page 107, Table 103
Change the 5th row:
Data field | Authentication-related data (e.g. challenge) or authentication-related DO‘73’ (see ISO/IEC 7816-8) |
Change the 7th row:
Data field | Authentication-related data (e.g. response to a challenge) or authentication-related DO‘73’ (see ISO/IEC 7816-8) |
Page 109, Table 105
Change the 5th row:
Data field | Authentication-related data (e.g. response to a challenge) or authentication-related DO‘73’ (see ISO/IEC 7816-8) |
Page 109, Table 106
Change the 5th row:
Data field | Authentication-related data or authentication-related DO‘73’ (see ISO/IEC 7816-8) |
Change the 7th row:
Data field | Authentication-related data or authentication-related DO‘73’ (see ISO/IEC 7816-8) |
Page 114, 11.6.11
Change the first bullet point:
— SET, i.e. either setting or replacing one or more components of the current SE (see 10.3.3);
Change the 6th bullet point:
— GET SE, i.e. retrieving all CRTs pertaining to the current SE;
Change the last bullet point:
— GET CRT, i.e. retrieving one or more CRTs pertaining to the current SE.
Page 114, Table 114
Change the 6th and the 7th rows for the first Data field:
Data field | GET, STORE, RESTORE, ERASE, RESET | Absent |
SET one CRT (P2=‘A4’, ‘A6’, ‘AA’, ‘B4’, ‘B6’ or ‘B8’) | Control reference DOs | |
SET more than one CRT (P2=’C0’) | CRTs |
Change the second to the third rows from the last:
Data field | GET SE | Concatenation of CRTs |
GET CRT | One or more CRTs | |
other | Absent |
Change the last row:
SW1-SW2 | See Table 6 and Table 7 when relevant, e.g. ‘6288’, '6600', '6987', '6988, '6A88' (see 11.6.1) |
Page 115, Table 115
Add the following sentence after Table 115:
When several CRTs are conveyed in the data field (P2='C0') , b8 to b5 (in P1) shall be set if their meaning applies to each individual CRT, otherwise, b8 to b5 (in P1) shall be set to '0' and a usage qualifier byte DO (DO'95') shall be conveyed in respective CRT.
Page 115, Table 116
Change the third row:
‘A4’, ‘A6’, ‘AA’, ‘B4’, ‘B6’, ‘B8’ | Tag of CRT with the meaning from Table 55 and its control reference DOs present in the command data field if P1 indicates SET or GET CRT |
‘C0’ | More than one CRTs present (tag and control reference DOs) in the command data field if P1 indicates SET |
Page 146, Clause C.1
Add the following note at the end of this clause:
NOTE ISO/IEC 7816-8 provides examples of GENERAL AUTHENTICATE commands sequence for protocols using Quantum Safe Cryptography.
