Identification cards - Integrated circuit cards - Part 4: Organization, security and commands for interchange - Amendment 1: Support of multiple logical security devices

Cartes d'identification — Cartes à circuit intégré — Partie 4: Organisation, sécurité et commandes pour les échanges — Amendement 1: Prise en charge de plusieurs dispositifs de sécurité logiques

General Information

Status: Published
Publication Date: 30-Oct-2023
Current Stage: 6060 - International Standard published
Start Date: 31-Oct-2023
Due Date: 16-Aug-2024
Completion Date: 31-Oct-2023

Relations

Effective Date: 06-Jun-2022

Overview

ISO/IEC 7816-4:2020/Amd 1:2023 is an amendment to the international standard for identification cards that use integrated circuit cards (ICC). This amendment introduces the support of multiple logical security devices within a single physical ICC, enhancing the organization's security architecture and improving command interchange protocols. Developed by ISO and IEC, this standard is pivotal in advancing secure digital identity and authentication technologies in smart card applications.

The amendment extends the existing framework by defining how logical security devices operate independently yet coexist on one physical ICC. It covers the organization, security, and command handling for these devices, enabling enhanced flexibility and security management within identification cards.


Key Topics

  • Logical Security Device Concept
    A logical security device is a virtual ICC created from a collection of logical resources on a physical ICC, including data structures, security attributes, logical channels, and command sets. Each has a unique identifier, called the logical security device number, which enables independent operation within the same physical card.

  • Multiple Logical Security Devices Support

    • The physical interface activation automatically opens and selects the basic logical security device (number '00').
    • Additional logical security devices may be created, opened, selected, reset, or closed dynamically using the MANAGE LOGICAL SECURITY DEVICE command (INS '7C').
    • Logical security devices use the physical interface, transmission protocol, and other ICC common services but maintain separate security status and logical channels.
    • Resources assigned to a logical security device are isolated from others, ensuring independent management and operation.
  • Command Enhancements

    • The amendment adds a new command, MANAGE LOGICAL SECURITY DEVICE, allowing the external environment to control logical security devices via operations such as open, select, reset, and close.
    • Logical security device reset can produce a reset string for identification or setup purposes.
    • Logical security devices use their logical security device numbers for addressing within commands, enabling precise and secure targeting of operations.
  • Security and Resource Management
    The standard clarifies state transitions for logical security devices, including opening (selection), resetting (restoring initial state), and closing (releasing allocated resources). Closing a selected logical security device returns control to the basic logical security device automatically.


Applications

ISO/IEC 7816-4:2020/Amd 1:2023 is highly relevant across industries where secure personal identification and data protection are critical and smart cards are in use. Key applications include:

  • Government Identification and ePassports
    Supporting multiple logical security devices allows for separate secure environments on the same card, for instance, separating biometric data, authentication, and payment applications securely.

  • Financial Services
    Bank cards and payment devices can manage multiple accounts or services securely using distinct logical security devices, enhancing multi-application support and security isolation.

  • Enterprise Access Control
    Organizations can implement sophisticated access control systems by segregating security domains within a single card, using logical devices for different roles or access levels.

  • Healthcare Credentials
    Enables coexistence of multiple healthcare applications, such as patient identification, insurance verification, and medical record access, managed securely and independently.

  • Telecommunications SIM Cards
    Logical security devices facilitate support for multiple subscriber profiles or enhanced security features within a single SIM card.


Related Standards

This amendment is part of the broader ISO/IEC 7816 series, which encompasses standards for integrated circuit cards with contacts. Relevant related standards include:

  • ISO/IEC 7816-1 to 3
    Cover general physical characteristics, dimensions, and electrical interfaces for ICCs.

  • ISO/IEC 7816-2
    Details physical characteristics and ATR (Answer To Reset) interface.

  • ISO/IEC 7816-8
    Specifies commands for security operations, closely tied to logical device security features.

  • ISO/IEC 7816-12
    Addresses card application management.

  • ISO/IEC Directives, Part 1 and Part 2
    Outline rules for developing and maintaining ISO/IEC standards, critical for understanding amendment scope and implementation.

For implementers, consulting the full ISO/IEC 7816 series ensures comprehensive compliance and interoperability across smart card technologies.


Keywords: ISO/IEC 7816-4 Amendment, integrated circuit cards, logical security devices, ICC security, smart card commands, multiple logical devices, card security architecture, contact smart cards, MANAGE LOGICAL SECURITY DEVICE command, identification card standards, data interchange security.

Standard

ISO/IEC 7816-4:2020/Amd 1:2023 - Identification cards — Integrated circuit cards — Part 4: Organization, security and commands for interchange — Amendment 1: Support of multiple logical security devices. Released: 31. 10. 2023

English language
3 pages

Frequently Asked Questions

ISO/IEC 7816-4:2020/Amd 1:2023 is a standard published by the International Organization for Standardization (ISO). Its full title is "Identification cards - Integrated circuit cards - Part 4: Organization, security and commands for interchange - Amendment 1: Support of multiple logical security devices". This standard covers: Identification cards - Integrated circuit cards - Part 4: Organization, security and commands for interchange - Amendment 1: Support of multiple logical security devices


ISO/IEC 7816-4:2020/Amd 1:2023 is classified under the following ICS (International Classification for Standards) categories: 35.240.15 - Identification cards. Chip cards. Biometrics. The ICS classification helps identify the subject area and facilitates finding related standards.

ISO/IEC 7816-4:2020/Amd 1:2023 has the following relationships with other standards: it has inter-standard links to ISO/IEC 7816-4:2020. Understanding these relationships helps ensure you are using the most current and applicable version of the standard.


Standards Content (Sample)


INTERNATIONAL STANDARD ISO/IEC 7816-4
Fourth edition 2020-05
AMENDMENT 1 2023-10
Identification cards — Integrated circuit cards —
Part 4: Organization, security and commands for interchange
AMENDMENT 1: Support of multiple logical security devices
Cartes d'identification — Cartes à circuit intégré —
Partie 4: Organisation, sécurité et commandes pour les échanges
AMENDEMENT 1: Prise en charge de plusieurs dispositifs de sécurité logiques
Reference number: ISO/IEC 7816-4:2020/Amd. 1:2023(E)
© ISO/IEC 2023
© ISO/IEC 2023
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland

Foreword

ISO (the International Organization for Standardization) and IEC (the International Electrotechnical Commission) form the specialized system for worldwide standardization. National bodies that are members of ISO or IEC participate in the development of International Standards through technical committees established by the respective organization to deal with particular fields of technical activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the work.

The procedures used to develop this document and those intended for its further maintenance are described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the different types of document should be noted. This document was drafted in accordance with the editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives or www.iec.ch/members_experts/refdocs).

ISO and IEC draw attention to the possibility that the implementation of this document may involve the use of (a) patent(s). ISO and IEC take no position concerning the evidence, validity or applicability of any claimed patent rights in respect thereof. As of the date of publication of this document, ISO and IEC had not received notice of (a) patent(s) which may be required to implement this document. However, implementers are cautioned that this may not represent the latest information, which may be obtained from the patent database available at www.iso.org/patents and https://patents.iec.ch. ISO and IEC shall not be held responsible for identifying any or all such patent rights.

Any trade name used in this document is information given for the convenience of users and does not constitute an endorsement.

For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and expressions related to conformity assessment, as well as information about ISO's adherence to the World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT) see www.iso.org/iso/foreword.html. In the IEC, see www.iec.ch/understanding-standards.

This document was prepared by Joint Technical Committee ISO/IEC JTC 1, Information technology, Subcommittee SC 17, Cards and security devices for personal identification.

A list of all parts in the ISO/IEC 7816 series can be found on the ISO and IEC websites.

Any feedback or questions on this document should be directed to the user’s national standards body. A complete listing of these bodies can be found at www.iso.org/members.html and www.iec.ch/national-committees.

Identification cards — Integrated circuit cards —
Part 4:
Organization, security and commands for interchange
AMENDMENT 1: Support of multiple logical security devices

Clause 3
Add the following term and definition at the end of Clause 3:
3.68
logical security device
collection of resources of the physical ICC, built for a logical view as a virtual ICC

Table 4
Add the following new entry after MANAGE DATA entry:
MANAGE LOGICAL SECURITY DEVICE    '7C'    11.9

Table 5
Add the following new entry after MANAGE CHANNEL entry:
MANAGE LOGICAL SECURITY DEVICE    '7C'    11.9

Clause 7
Add the following subclauses after the last subclause in Clause 7:
7.5  Multiple logical security device

7.5.1  Concept of logical security devices

Logical resources are the collection of resources of the physical ICC, described in Clause 5 to Clause 11 (except 7.5), assigned to the logical security device as a virtual ICC on the physical ICC. This collection contains, e.g. the set of data structures with its own security architecture, security attributes and security status, its own logical channels and a set of commands for interchange. An ICC supporting logical security device offers at least the basic logical security device. Multiple logical security devices may exist in parallel on one physical ICC. Each logical security device is identified by its logical security device number.

NOTE 1 The assignment of logical resources to a logical security device in the opening process is implementation dependent and can use configuration data on the physical ICC, addressed by the logical security device number. This can also apply in particular for the security conditions to be fulfilled for opening a new logical security device.

For an ICC supporting logical s
...
