SA8/SA10

SecureCom has developed a secure application called SA8/SA10. The application is loaded onto separate hardware, a so-called secure device (see ISO 13491), which effectively protects the information stored and processed in it. The fact that the application was developed with strict security thinking also contributes to the high security level of this product.

The purpose of SA8/SA10 is to work with systems that handle PINs and/or cryptographic keys. All cryptography is done with the DES algorithm. SA8/SA10 is suited for systems where the security requirements are high. The SA8/SA10 is connected to a PC via the RS-232 interface and is intended to work together with a host application on the PC, for instance a key management system or a PIN printing system.

SA8/SA10 consists of three main parts: the profile registers, the key registers and the functions. Which functions/commands are allowed to execute in the SA8/SA10 is determined by the installation configuration.

SA8/SA10 contains functions for generation, storage and export of cryptographic keys. When not in use, the operative keys are stored in an external key file or database, encrypted with the SA8/SA10 key encryption key. The key registers can hold keys of 56, 112, or 168 bits in length. For key separation we use control vectors. The control vector determines what the key may be used for. The control vectors have the same format as those used in IBM CCA.

SA8/SA10 offers a number of possibilities when it comes to handling PINs. For instance, it is possible to get the clear PIN from an encrypted PIN block, and vice versa. With the built-in random number generator, PINs can also be randomized. CVV (Card Verification Value), RV (reference value for PIN verification) and OV (Offset Value according to IBM 3624) can also be calculated.

SA8/SA10 also provides functionality for encrypting/decrypting data according to the CBC method. It is also possible to use SA8/SA10 for generation or verification of MAC values. The method used is ANSI X9.9/ISO 9797.

In SA8/SA10, there are a number of counters that are updated when specific operations are performed in the secure device. This makes auditing easy, as it is possible to determine that the secure device has not been used without authorization since the last production.