ISO 9564-2:2025
Financial services — Personal Identification Number (PIN) management and security — Part 2: Approved algorithms for PIN encipherment
This document specifies approved algorithms for the encipherment of personal identification numbers (PINs).
International Standard ISO 9564-2, fourth edition, 2025-08
© ISO 2025
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on
the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below
or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
Contents
Foreword ... iv
Introduction ... v
1 Scope ... 1
2 Normative references ... 1
3 Terms and definitions ... 1
4 General ... 1
5 Triple data encryption algorithm (TDEA) ... 2
5.1 Definition of the TDEA algorithm ... 2
5.2 Use of the TDEA algorithm ... 2
6 RSA encryption algorithm ... 2
6.1 Definition of the RSA algorithm ... 2
6.2 Use of the RSA algorithm ... 2
7 AES encryption algorithm ... 2
7.1 Definition of the AES algorithm ... 2
7.2 Use of the AES algorithm ... 2
8 SM4 encryption algorithm ... 2
8.1 Definition of the SM4 algorithm ... 2
8.2 Use of the SM4 algorithm ... 3
9 ECIES algorithm ... 3
9.1 Definition of the ECIES algorithm ... 3
9.2 Use of the ECIES algorithm ... 3
Annex A (informative) Using key encapsulation mechanisms for establishment of ephemeral PIN encryption keys ... 4
Bibliography ... 13
Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards
bodies (ISO member bodies). The work of preparing International Standards is normally carried out through
ISO technical committees. Each member body interested in a subject for which a technical committee
has been established has the right to be represented on that committee. International organizations,
governmental and non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely
with the International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization.
The procedures used to develop this document and those intended for its further maintenance are described
in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the different types
of ISO document should be noted. This document was drafted in accordance with the editorial rules of the
ISO/IEC Directives, Part 2 (see www.iso.org/directives).
ISO draws attention to the possibility that the implementation of this document may involve the use of (a)
patent(s). ISO takes no position concerning the evidence, validity or applicability of any claimed patent
rights in respect thereof. As of the date of publication of this document, ISO had not received notice of (a)
patent(s) which may be required to implement this document. However, implementers are cautioned that
this may not represent the latest information, which may be obtained from the patent database available at
www.iso.org/patents. ISO shall not be held responsible for identifying any or all such patent rights.
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and expressions
related to conformity assessment, as well as information about ISO's adherence to the World Trade
Organization (WTO) principles in the Technical Barriers to Trade (TBT), see www.iso.org/iso/foreword.html.
This document was prepared by Technical Committee ISO/TC 68 Financial services, Subcommittee SC 2,
Financial services, security.
This fourth edition cancels and replaces the third edition (ISO 9564-2:2014), which has been technically
revised.
The main changes are as follows:
— in this revision, the Rivest-Shamir-Adleman algorithm (RSA) can also be used for PIN encryption during
PIN issuance and change over open networks;
— SM4 has been added as an additional 16-byte block cipher;
— ECIES has been added as an option for offline PIN encryption to an IC card;
— a new annex has been added to provide guidance on using asymmetric techniques to transport an
ephemeral symmetric PIN encryption key.
A list of all parts in the ISO 9564 series can be found on the ISO website.
Any feedback or questions on this document should be directed to the user’s national standards body. A
complete listing of these bodies can be found at www.iso.org/members.html.
Introduction
This part of the ISO 9564 series specifies algorithms approved for the encipherment of personal identification
numbers (PINs). The algorithms approved for the encipherment of PINs are:
— triple data encryption algorithm (TDEA);
— Rivest–Shamir–Adleman algorithm (RSA);
— advanced encryption standard (AES);
— ShāngMì 4 (SM4);
— elliptic curve integrated encryption scheme (ECIES).
International Standard ISO 9564-2:2025(en)
Financial services — Personal Identification Number (PIN) management and security — Part 2: Approved algorithms for PIN encipherment
1 Scope
This document specifies approved algorithms for the encipherment of personal identification numbers (PINs).
2 Normative references
The following documents are referred to in the text in such a way that some or all of their content constitutes
requirements of this document. For dated references, only the edition cited applies. For undated references,
the latest edition of the referenced document (including any amendments) applies.
ISO 9564-1, Financial services — Personal Identification Number (PIN) management and security — Part 1:
Basic principles and requirements for PINs in card-based systems
ISO/IEC 10116, Information technology — Security techniques — Modes of operation for an n-bit block cipher
ISO/IEC 18033-2, Information technology — Security techniques — Encryption algorithms — Part 2:
Asymmetric ciphers
ISO/IEC 18033-3, Information technology — Security techniques — Encryption algorithms — Part 3: Block ciphers
ISO/IEC 11770-6, Information technology — Security techniques — Key management — Part 6: Key derivation
ISO 11568, Financial services — Key management (retail)
ISO/IEC 18031, Information technology — Security techniques — Random bit generation
ISO/IEC 19772, Information security — Authenticated encryption
3 Terms and definitions
For the purposes of this document, the terms and definitions given in ISO 9564-1 apply.
ISO and IEC maintain terminology databases for use in standardization at the following addresses:
— ISO Online browsing platform: available at https://www.iso.org/obp
— IEC Electropedia: available at https://www.electropedia.org/
4 General
This document includes the approved algorithms for PIN encipherment. Key management practices
associated with PIN encipherment shall meet the requirements of ISO 11568.
5 Triple data encryption algorithm (TDEA)
5.1 Definition of the TDEA algorithm
The definition of TDEA shall be as described in ISO/IEC 18033-3.
5.2 Use of the TDEA algorithm
Encipherment, using the TDEA as described in ISO/IEC 18033-3 with TDEA keying option 1 or 2, of the PIN
blocks described in ISO 9564-1, shall be achieved using the algorithm operating in the electronic code book
(ECB) mode (with n equal to 64), as described in ISO/IEC 10116.
This algorithm is approved for use with PIN block formats 0, 1 and 3 only.
TDEA is increasingly considered unsafe and should not be used in new implementations.
TDEA should not be used where a single key is used for more than 2 encryptions.
6 RSA encryption algorithm
6.1 Definition of the RSA algorithm
The definition of RSA shall be as described in ISO/IEC 18033-2.
6.2 Use of the RSA algorithm
This algorithm is approved only for use for encipherment of:
— offline PINs for submission to integrated circuit cards (ICCs) as defined in ISO 9564-1. The format 2 PIN
block and its encipherment, using RSA, shall be as described in ISO 9564-1.
— PINs used in issuance and change over open networks, as defined in ISO 9564-1.
7 AES encryption algorithm
7.1 Definition of the AES algorithm
The definition of AES shall be as described in ISO/IEC 18033-3.
7.2 Use of the AES algorithm
Encipherment, using AES as described in ISO/IEC 18033-3, of the PIN block described in ISO 9564-1 shall
be achieved using the algorithm operating in ECB mode (with block size n equal to 128), as described in
ISO/IEC 10116.
This algorithm is approved for use with PIN block format 4 only.
8 SM4 encryption algorithm
8.1 Definition of the SM4 algorithm
The definition of SM4 shall be as described in ISO/IEC 18033-3.
8.2 Use of the SM4 algorithm
Encipherment, using SM4, of the PIN block described in ISO 9564-1 shall be achieved using the algorithm
operating in ECB mode (with block size n equal to 128), as described in ISO/IEC 10116.
This algorithm is approved for use with PIN block format 4 only.
9 ECIES algorithm
9.1 Definition of the ECIES algorithm
ECIES is a hybrid cipher defined in ISO/IEC 18033-2 as ECIES-HC. When used for PIN encryption, the
following internal mechanisms shall be used:
— An ECIES-KEM key encapsulation mechanism as described in ISO/IEC 18033-2.
— A key derivation function listed in ISO/IEC 11770-6 or the KDF1 or KDF2 functions defined in
ISO/IEC 18033-2.
— A data encapsulation mechanism (DEM) based on AES or SM4. AES or SM4 shall be used in an authenticated
encryption mechanism as defined in ISO/IEC 19772.
9.2 Use of the ECIES algorithm
This algorithm is approved only for encipherment of offline PINs for submission to ICCs as defined in
ISO 9564-1. It is approved for use only with PIN block format 2, as described in ISO 9564-1.
ECIES shall not be used for direct encryption of online PINs or PINs transported in issuance or change over
open networks. Components of ECIES, including ECIES-KEM and KDFs, can be used as part of a mechanism
to establish a symmetric online PIN encryption key. For further information, see Annex A.
Annex A
(informative)
Using key encapsulation mechanisms for establishment of ephemeral
PIN encryption keys
A.1 Overview
Algorithms used for PIN encryption are typically symmetric. However, key management for symmetric
cryptography can be challenging. Asymmetric cryptography often offers simpler key management than
symmetric cryptography and is desirable in some situations.
Hybrid ciphers are a class of asymmetric cipher where an asymmetric key encapsulation mechanism is
used for agreement or exchange of a symmetric key, and symmetric encryption is used for the encryption of
sensitive data. Components and concepts from hybrid ciphers may be used for PIN protection, subject to key
management requirements specified in ISO 11568.
This annex provides guidance on the use of key encapsulation mechanisms for transporting an ephemeral
PIN encryption key, and the subsequent use of the ephemeral PIN encryption key to protect PIN blocks.
A non-exhaustive set of use cases for PIN transfer using asymmetric ciphers is listed below:
a) transfer from PIN entry device to acquiring host as part of an online payment transaction;
b) transfer of online PINs between hosts in an interchange network;
c) transfer of a PIN between disparate SCD components, e.g. an offline PIN transferred between an EPP
and an SCR;
d) PINs transferred as part of an issuance and change over open networks solution.
A.2 Acceptable key encapsulation mechanisms
ISO 11568 applies to all keys used for PIN security, including key encapsulation mechanisms used for the
exchange of an ephemeral PIN encryption key. Annex F of ISO 11568:2023 approves ECIES-KEM and RSA-based
encryption methods from ISO/IEC 18033-2 for use with public key transport systems. ISO 11770-3
includes key agreement and secret key transport mechanisms which may be used as part of a key
encapsulation mechanism.
ISO/IEC 18033-2 defines the principles of key encapsulation mechanisms and includes details of ECIES-KEM,
RSA-KEM and RSA-ES (which can be used to transport a symmetric key). Conformity with ISO 11568
requires adherence to the following conditions:
— The security strength of the asymmetric primitive shall be equal to or stronger than that of the
symmetric key being encapsulated, consistent with ISO 11568:2023, 4.1.5.
— Key derivation functions used within the KEM shall meet the requirements of ISO 11568:2023, 4.6.1.2.
— Random numbers used shall meet the requirements of ISO/IEC 18031.
A.3 Acceptable PIN block formats
Key encapsulation mechanisms can be used to exchange keys of any of the approved symmetric algorithms
from this document. All PIN block formats usable with the chosen symmetric key are allowed for use when
the PIN key is exchanged under a suitable encapsulation mechanism.
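As an added example for 9.1 and this annex (not code from the standard, and not a conformant implementation of ISO/IEC 18033-2), the Go program below implements the KEM half of ECIES: an ephemeral P-256 key pair, ECDH with the recipient's static public key, and KDF2 from ISO/IEC 18033-2 over the encoded ephemeral public key and the shared secret, yielding the 128-bit key that the DEM of 9.1 or the ECB PIN block encipherment of A.3 would then use. Point encoding and the KDF input layout are simplified relative to ISO/IEC 18033-2, and the recipient key pair is a constructed sample.

```go
package main

import (
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
)

// kdf2 is KDF2 from ISO/IEC 18033-2 with SHA-256: Hash(z || counter) blocks for a 32-bit
// big-endian counter starting at 1 (KDF1 starts at 0), truncated to outLen bytes.
func kdf2(z []byte, outLen int) []byte {
	var out []byte
	for i := uint32(1); len(out) < outLen; i++ {
		h := sha256.New()
		h.Write(z)
		h.Write([]byte{byte(i >> 24), byte(i >> 16), byte(i >> 8), byte(i)})
		out = h.Sum(out)
	}
	return out[:outLen]
}

// kemKey derives a 128-bit key from C0 (encoded ephemeral public key) then z (ECDH x-coordinate), the ECIES-KEM input order.
func kemKey(c0, z []byte) []byte { return kdf2(append(append([]byte{}, c0...), z...), 16) }

// encapsulate (sender): ephemeral P-256 key pair, ECDH with the recipient's static key, KDF. P-256 gives about 128-bit security, matching the 128-bit key it transports (A.2).
func encapsulate(recipient *ecdh.PublicKey) (c0, key []byte, err error) {
	eph, err := ecdh.P256().GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	z, err := eph.ECDH(recipient)
	if err != nil {
		return nil, nil, err
	}
	c0 = eph.PublicKey().Bytes() // uncompressed point, sent with the enciphered data
	return c0, kemKey(c0, z), nil
}

// decapsulate (recipient): parse C0 (off-curve points are rejected), repeat the ECDH with the static private key, same KDF.
func decapsulate(priv *ecdh.PrivateKey, c0 []byte) ([]byte, error) {
	pub, err := ecdh.P256().NewPublicKey(c0)
	if err != nil {
		return nil, err
	}
	z, err := priv.ECDH(pub)
	if err != nil {
		return nil, err
	}
	return kemKey(c0, z), nil
}
```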