ISO/IEC 19823-10:2020

INTERNATIONAL ISO/IEC
STANDARD 19823-10
Second edition
2020-01
Information technology —
Conformance test methods for
security service crypto suites —
Part 10:
Crypto suite AES-128
Technologies de l'information — Méthodes d'essai de conformité pour
les suites cryptographiques des services de sécurité —
Partie 10: Suite cryptographique AES-128
Reference number
©
ISO/IEC 2020
© ISO/IEC 2020
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting
on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address
below or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Fax: +41 22 749 09 47
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii © ISO/IEC 2020 – All rights reserved

Contents Page
Foreword .iv
Introduction .v
1 Scope . 1
2 Normative references . 1
3 Terms, definitions, symbols and abbreviated terms . 1
3.1 Terms and definitions . 1
3.2 Symbols and abbreviated terms. 2
4 Test methods . 2
4.1 General . 2
4.2 By demonstration . 2
4.3 By design . 2
5 Test methods with respect to the ISO/IEC 18000 series . 2
5.1 Test requirements for ISO/IEC 18000-3 Interrogators and Tags . 2
5.2 Test requirements for ISO/IEC 18000-63 Interrogators and Tags . 3
6 Test methods with respect to the ISO/IEC 29167-10 Interrogators and Tags .3
6.1 Test map for optional features . 3
6.2 Additional parameters required as input for the test . 4
6.3 Crypto suite requirements . 4
6.3.1 General. 4
6.3.2 Crypto suite requirements of ISO/IEC 29167-10:2017, Clauses 1 to 6 . 5
6.3.3 Crypto suite requirements of ISO/IEC 29167-10:2017, Clauses 7 to 12. 5
6.3.4 Crypto suite requirements of ISO/IEC 29167-10:2017, Annex A . .21
6.3.5 Crypto suite requirements of ISO/IEC 29167-10:2017, Annex E .21
7 Test patterns .26
7.1 General .26
7.2 Test pattern information .26
7.2.1 General.26
7.2.2 Information related to ISO/IEC 18000-3 MODE 1 .26
7.2.3 Information related to ISO/IEC 18000-63 .27
7.3 Test pattern descriptions .27
7.3.1 General.27
7.3.2 Test pattern 01 (TAM reject message when "AuthMethod" is '11') .27
7.3.3 Test pattern 02 (TAM1 execution and error handling) .28
7.3.4 Test pattern 03 (TAM1 execution for all keys) .29
7.3.5 Test pattern 04 (TAM1 store Tag reply in the response buffer) .30
7.3.6 Test pattern 05 (TAM1 with Challenge, read Tag reply from the response
buffer) .31
7.3.7 Test pattern 06 (TAM2 execution and error handling) .32
7.3.8 Test pattern 07 (TAM2 unauthorized use of KeyID for profile) .36
7.3.9 Test pattern 08 (TAM2 execution for all keys) .37
7.3.10 Test pattern 09 (MAM1 execution and error handling) .37
7.3.11 Test pattern 10 (MAM2 execution and error handling) .39
7.3.12 Test pattern 11 (MAM1 and MAM2 execution for all keys) .43
Bibliography .45
© ISO/IEC 2020 – All rights reserved iii

Foreword
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical
Commission) form the specialized system for worldwide standardization. National bodies that
are members of ISO or IEC participate in the development of International Standards through
technical committees established by the respective organization to deal with particular fields of
technical activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other
international organizations, governmental and non-governmental, in liaison with ISO and IEC, also
take part in the work.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for
the different types of document should be noted. This document was drafted in accordance with the
editorial rules of the ISO/IEC Directives, Part 2 (see www .iso .org/ directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject
of patent rights. ISO and IEC shall not be held responsible for identifying any or all such patent
rights. Details of any patent rights identified during the development of the document will be in the
Introduction and/or on the ISO list of patent declarations received (see www .iso .org/ patents) or the IEC
list of patent declarations received (see http:// patents .iec .ch).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and
expressions related to conformity assessment, as well as information about ISO's adherence to the
World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT) see www .iso .org/
iso/ foreword .html.
This document was prepared by Joint Technical Committee ISO/IEC JTC 1, Information technology,
Subcommittee SC 31, Automatic identification and data capture techniques.
This second edition cancels and replaces the first edition (ISO/IEC 19823-10:2017), which has been
technically revised.
The main changes compared to the previous edition are as follows:
— In addition to Tag Authentication, this edition also defines support for Interrogator authentication
and Mutual Authentication. This version describes the test methods for the additional functionality.
A list of all parts in the ISO/IEC 19823 series can be found on the ISO website.
Any feedback or questions on this document should be directed to the user’s national standards body. A
complete listing of these bodies can be found at www .iso .org/ members .html.
iv © ISO/IEC 2020 – All rights reserved

Introduction
The ISO/IEC 29167 series describes security services as applicable for the ISO/IEC 18000 series.
The various parts of ISO/IEC 29167 describe crypto suites that are optional extensions to the
ISO/IEC 18000 series air interfaces.
The ISO/IEC 19823 series describes the conformance test methods for security service crypto
suites. It is related to the ISO/IEC 18047 series, which describes the radio frequency identification
device conformance test methods, in the same way as the ISO/IEC 29167 series is related to the
ISO/IEC 18000 series.
These relations mean that for a product that is claimed to conform to a pair of ISO/IEC 18000 and
ISO/IEC 29167 documents, then the test methods of the ISO/IEC 18047 and ISO/IEC 19823 documents
apply. If a product supports more than one part of ISO/IEC 18000 or ISO/IEC 29167, all related parts of
ISO/IEC 18047 and ISO/IEC 19823 apply.
NOTE 1 The conformance test requirements of ISO/IEC 18000-6, ISO/IEC 18000-61, ISO/IEC 18000-62,
ISO/IEC 18000-63, ISO/IEC 18000-64 are currently all in ISO/IEC 18047-6.
This document describes the test methods for the AES-128 crypto suite as standardized in
ISO/IEC 29167-10.
NOTE 2 Test methods for interrogator and tag performance are covered by the ISO/IEC 18046 series.
© ISO/IEC 2020 – All rights reserved v

INTERNATIONAL STANDARD ISO/IEC 19823-10:2020(E)
Information technology — Conformance test methods for
security service crypto suites —
Part 10:
Crypto suite AES-128
1 Scope
This document describes test methods for determining the conformance of security crypto suites
defined in ISO/IEC 29167-10.
This document contains conformance tests for all mandatory and applicable optional functions.
The conformance parameters are the following:
— parameters that apply directly affecting system functionality and inter-operability;
— protocol including commands and replies;
— nominal values and tolerances.
Unless otherwise specified, the tests in this document are intended to be applied exclusively to RFID
Tags and Interrogators defined in the ISO/IEC 15693 series and in the ISO/IEC 18000 series using
ISO/IEC 29167-10.
2 Normative references
The following documents are referred to in the text in such a way that some or all of their content
constitutes requirements of this document. For dated references, only the edition cited applies. For
undated references, the latest edition of the referenced document (including any amendments) applies.
ISO/IEC 17025, General requirements for the competence of testing and calibration laboratories
ISO/IEC/TR 18047-3:2011, Information technology — Radio frequency identification device conformance
test methods — Part 3: Test methods for air interface communications at 13,56 MHz
ISO/IEC 18047-6:2017, Information technology — Radio frequency identification device conformance test
methods — Part 6: Test methods for air interface communications at 860 MHz to 960 MHz
ISO/IEC 19762, Information technology — Automatic identification and data capture (AIDC) techniques —
Harmonized vocabulary
ISO/IEC 29167-10:2017, Information technology — Automatic identification and data capture techniques —
Part 10: Crypto suite AES-128 security services for air interface communications
3 Terms, definitions, symbols and abbreviated terms
3.1 Terms and definitions
For the purposes of this document, the terms and definitions given in ISO/IEC 19762 and
ISO/IEC 29167-10 apply.
© ISO/IEC 2020 – All rights reserved 1

ISO and IEC maintain terminological databases for use in standardization at the following addresses:
— ISO Online browsing platform: available at https:// www .iso .org/ obp
— IEC Electropedia: available at http:// www .electropedia .org/
3.2 Symbols and abbreviated terms
For the purposes of this document, the symbols and abbreviated terms given in ISO/IEC 19762 apply.
4 Test methods
4.1 General
This clause describes the general test methods for ISO/IEC 29167-10. As the parts of ISO/IEC 19823 are
always tested in relation with the ISO/IEC 18047 series, a duplication of information requirements and
specifications should be avoided.
Clause 5 defines elements that are assumed to be covered in the respective part of the ISO/IEC 18047
series and, therefore, shall not be addressed in the ISO/IEC 19823 series. They may only be defined in
the ISO/IEC 19823 series if ISO/IEC 18047 does not define them, although a revision of the respective
part of the ISO/IEC 18047 series is the preferred option.
Clause 6 defines elements that are not expected to be covered by the ISO/IEC 18047 series and,
therefore, shall be addressed in the respective parts of the ISO/IEC 19823 series.
4.2 By demonstration
“By demonstration” means laboratory testing of one or, if required for statistical reasons, multiple
products, processes or services to ensure conformance.
A test laboratory meeting the requirements of ISO/IEC 17025 shall be selected for the performance of
the indicated testing to ensure conformance of the component or system.
For protocol requirements that are verified by demonstration, the test conditions are specified by this
document. The detailed test plan is at the discretion of the test laboratory.
4.3 By design
“By design” means design parameters and/or theoretical analysis that ensure conformance. A vendor
submitting a component or system for conformance testing shall provide the necessary technical
information, in the form of a technical memorandum or similar. A test laboratory shall issue a test
certificate indicating whether the technical analysis was sufficient to ensure conformance of the
component or system.
For protocol requirements that are verified by design, the method of technical analysis is at the
discretion of the submitting vendor and is not specified by this document. In general, the technical
analysis shall have sufficient rigor and technical depth to convince a test engineer knowledgeable of the
protocol that the particular requirement has been met.
5 Test methods with respect to the ISO/IEC 18000 series
5.1 Test requirements for ISO/IEC 18000-3 Interrogators and Tags
The following mandatory requirements and applicable optional requirements of ISO/IEC TR 18047-3:2011
shall be fulfilled:
— 5.2      Default conditions applicable to the test methods
2 © ISO/IEC 2020 – All rights reserved

Before a DUT is tested according to this document, it shall successfully pass the following prerequisite
from ISO/IEC TR 18047-3:2011:
— 5.3      Conformance tests for ISO/IEC 18000-3 Mode 1
5.2 Test requirements for ISO/IEC 18000-63 Interrogators and Tags
The following mandatory requirements and applicable optional requirements of ISO/IEC 18047-6:2017
shall be fulfilled:
— Clause 4 Default conditions applicable to the test methods
— Clause 5 Set up of test equipment
Before a DUT is tested according to this document, it shall successfully pass the following prerequisite
from ISO/IEC 18047-6:2017:
— Clause 8 Conformance tests for ISO/IEC 18000-63
6 Test methods with respect to the ISO/IEC 29167-10 Interrogators and Tags
6.1 Test map for optional features
Table 1 lists all optional features of this crypto suite and shall be used as a template to report the test
results.
Table 1 — Test map for optional features
Mark items
to be tested
# Feature Additional requirements Test results
for supplied
product
1 TAM2 Shall be tested with the Authenticate
command of the relevant part of ISO/
IEC 15693 or ISO/IEC 18000.
1.1 Memory profiles and MPI Shall be tested for all the declared memo-
ry profiles and for every supported key.
MAX_Profiles=Number of memory
profiles.
MAX_KeyID=Number of keys supported.
1.21 ProtMode=0000 Shall be tested with the Authenticate
b
command of the relevant part of ISO/
IEC 15693 or ISO/IEC 18000.
1.22 ProtMode=0001 Shall be tested with the Authenticate
b
command of the relevant part of ISO/
IEC 15693 or ISO/IEC 18000.
1.23 ProtMode=0010 Shall be tested with the Authenticate
b
command of the relevant part of ISO/
IEC 15693 or ISO/IEC 18000.
1.24 ProtMode=0011 Shall be tested with the Authenticate
b
command of the relevant part of ISO/
IEC 15693 or ISO/IEC 18000.
2 IAM1 Shall be tested with the Authenticate
command of the relevant part of ISO/
IEC 15693 or ISO/IEC 18000.
© ISO/IEC 2020 – All rights reserved 3

Table 1 (continued)
Mark items
to be tested
# Feature Additional requirements Test results
for supplied
product
3 IAM2 Shall be tested with the Authenticate
command of the relevant part of ISO/
IEC 15693 or ISO/IEC 18000.
4 IAM3 Shall be tested with the Authenticate
command of the relevant part of ISO/
IEC 15693 or ISO/IEC 18000.
5.1 Memory profiles and MPI Shall be tested for all the declared memo-
ry profiles and for every supported key.
MAX_Profiles=Number of memory
profiles.
MAX_KeyID=Number of keys supported.
5.21 ProtMode=0000 Shall be tested with the Authenticate
b
command of the relevant part of ISO/
IEC 15693 or ISO/IEC 18000.
5.22 ProtMode=0001 Shall be tested with the Authenticate
b
command of the relevant part of ISO/
IEC 15693 or ISO/IEC 18000.
5.23 ProtMode=0010 Shall be tested with the Authenticate
b
command of the relevant part of ISO/
IEC 15693 or ISO/IEC 18000.
5.24 ProtMode=0011 Shall be tested with the Authenticate
b
command of the relevant part of ISO/
IEC 15693 or ISO/IEC 18000.
6 MAM1 Shall be tested with the Authenticate
command of the relevant part of ISO/
IEC 15693 or ISO/IEC 18000.
7 MAM2 Shall be tested with the Authenticate
command of the relevant part of ISO/
IEC 15693 or ISO/IEC 18000.
Table 3 lists all crypto suite requirements that shall be tested in dependence of the features of Table 1
as supported by the DUT. Items marked with M are mandatory and shall be tested for each DUT.
6.2 Additional parameters required as input for the test
Table 2 lists all additional test parameters of this crypto suite.
Table 2 — Additional test parameters
# Feature Additional requirement Value
1 Maximum BlockSize Shall be provided to ensure that only test results for sup-
ported parameters are taken into consideration.
2 TAM2 Revision Shall be provided to ensure that only test results for sup- 0 or 1
ported parameters are taken into consideration.
6.3 Crypto suite requirements
6.3.1 General
This clause contains all requirements of ISO/IEC 29167-10.
4 © ISO/IEC 2020 – All rights reserved

6.3.2 Crypto suite requirements of ISO/IEC 29167-10:2017, Clauses 1 to 6
All the requirements of ISO/IEC 29167-10:2017, Clauses 1 to 6 are mandatory, inherently by design only.
6.3.3 Crypto suite requirements of ISO/IEC 29167-10:2017, Clauses 7 to 12
Table 3 contains all requirements of ISO/IEC 29167-10:2017, Clauses 7 to 12.
Table 3 — Crypto suite requirements of ISO/IEC 29167-10:2017, Clauses 7 to 12
Protocol
a b c
Item Requirement M/O Applies to How verified
a
subclause
0020 7 The Tag shall transition from M Tag By design
Crypto suite the Start State to the Next State
state diagram conforming to the requirements
specified in Annex A.
0030 8 After power-up and after a reset, M Tag By design
Initialization the crypto suite shall transition
and resetting into the Initial state.
0040 8 After the Tag encounters an M Tag By design
error condition, it shall transi-
tion into the Initial state.
0050 8 After the Tag encounters an M Tag By design
error condition, it may send
an error reply to the Interro-
gator, but in that case the Tag
shall select one Error Condition
from the list that is specified in
Annex B.
0060 8 A transition to Initial state shall M Tag By design
also cause a reset of all variables
used by the crypto suite.
0070 8 Implementations of this crypto M Tag By design
suite shall assure that all memo-
ry used for intermediate results
is cleared after each operation
(message-response pair) and
after reset.
0080 9.2 The authentication message M Interrogator By design
Adding shall include the reference KeyID
custom data to select an encryption key in
Table 27 (see Clause 11).
0090 9.2 If protection of integrity and au- M Interrogator By design
thenticity of the data is request-
ed, the selected reference KeyID
shall also contain a MAC key.
0100 9.2 A Tag that supports including M Tag By demonstration
custom data in the authentica- using test pattern 08
tion process shall define at least
one and at most 16 memory
profiles.
0110 9.2 The memory profiles may also M Tag By demonstration
be linked to a key in Table 27 using test pattern 07
that shall be used for the encryp-
tion process to protect the data.
0120 9.2 The custom data block shall M Interrogator / By design
be defined by the parameters Tag
BlockSize, Profile, Offset and
BlockCount.
0130 9.2 The mode of operation that shall M Interrogator / By design
be used for the encryption and/ Tag
or protection of the custom data
is specified by ProtMode.
© ISO/IEC 2020 – All rights reserved 5

Table 3 (continued)
Protocol
a b c
Item Requirement M/O Applies to How verified
a
subclause
0140 9.2 BlockSize shall select the size M Interrogator / By design
of the custom data block; "0 " Tag
b
specifies custom data in 64-bit
blocks, "1 " specifies custom
b
data as 16-bit blocks.
0150 9.2 Profile shall select one of the M Interrogator / By design
memory profiles that are sup- Tag
ported by the Tag. The memory
profiles are specified in Annex E.
0160 9.2 Maximum binary value is M Tag By design
"1111 ", or decimal 15, corre-
b
sponding to a maximum number
of 16 blocks of custom data that
shall be included.
0170 9.2 If the number of included bits of M Tag By design
the custom data including the
header is not a multiple of 128,
then padding with zeroes shall
be applied to the least significant
bits of the last block that has a
non-zero block size of less than
128 bits.
0180 9.2 The Interrogator shall maintain M Interrogator By design
the value of BlockCount for use
as part of the MAC verification
process.
0190 9.2 The Tag manufacturer shall M By design
specify the number of custom
data blocks that can be included.
0200 9.2 The minimum value of D shall M By design
be 1. The maximum value of D
supported by the Tag is specified
by the Tag manufacturer.
0210 9.2 ProtMode specifies the mode of M Interrogator / By design
operation that shall be used for Tag
the encryption and/or
protection of the custom data.
0220 9.3 The crypto suite shall parse the M Tag By design
Message and Messages and process the data
response based on the value of
formatting AuthMethod, which is the first
parameter (first two bits) of all
Messages.
0230 9.3 The Messages for Tag M Interrogator / By design
Authentication, Interrogator Tag
Authentication and Mutual
Authentication shall be distin-
guished by AuthMethod.
0240 9.3 If AuthMethod = "00 ", the Tag M Tag By design
b
shall parse the Message for Tag
Authentication as described in
9.4.
0250 9.3 If AuthMethod = "01 ", the M Tag By design
b
Tag shall parse Message for
Interrogator Authentication as
described in 9.5.
0260 9.3 If AuthMethod = "10 ", the Tag M Tag By design
b
shall parse Message for Mutual
Authentication as described in
9.6.
6 © ISO/IEC 2020 – All rights reserved

Table 3 (continued)
Protocol
a b c
Item Requirement M/O Applies to How verified
a
subclause
0270 9.3 If AuthMethod = "11 ", then the M Tag By demonstration,
b
Tag shall return a "Not Support- using the test pattern 01
ed" error condition.
0280 9.4.1 If CustomData = "0 ", the Tag M Tag By demonstration,
b
TAM shall parse the TAM1 Message for using the test pattern 03
Tag Authentication without cus-
tom data as described in 9.4.2.
0280 9.4.1 If CustomData = "1 ", the Tag M Tag By demonstration,
b
TAM shall parse the TAM2 Message using the test pattern 08
for Tag Authentication with cus-
tom data as described in 9.4.5.
0280 9.4.2 For Tag authentication, the M Interrogator / By demonstration,
TAM1 Interrogator shall generate an Tag using the test pattern 03
80-bit random TAM1 Interroga-
tor challenge and include that
in the TAM1 message.
The TAM1 message shall also
include the reference KeyID
to select an encryption key in
Table 27 (see Clause 11).
KeyID: 8-bit value that speci-
fies the key that shall be used
for TAM1.
0310 9.4.2 The Tag shall accept this mes- M Tag By design
sage in any state. If the value of
the parameters of the message is
invalid, then the Tag shall transi-
tion to the Initial state, thereby
aborting any cryptographic
protocol that has not yet been
completed.
0330 9.4.2 If the length of the TAM1 mes- M Tag By demonstration,
sage is <> 96 bits, then the Tag using the test pattern 02
shall return an "Other Error"
error condition.
0340 9.4.2 If TAM1_RFU[4:0] is M Tag By demonstration,
<> "00000 ", then the Tag shall using the test pattern 02
b
return a "Not Supported" error
condition.
0350 9.4.2 If the Tag does not support M Tag By demonstration using
key[KeyID].ENC_key, then the test pattern 02
Tag shall return a "Not Support- (test pattern 5)
ed" error condition.
0360 9.4.3 If all parameters have been M Tag By demonstration using
successful verified, then the Tag test pattern 03
shall generate a response as
specified in Table 5.
The Tag shall generate the
random data TRnd_TAM1[31:0]
and encrypt the concatenation of
the constant C_TAM1[15:0], the
random data TRnd_TAM1[31:0]
and the challenge
IChallenge_TAM1[79:0] using
Key[KeyID].ENC_key.
0380 9.4.3 After returning the TAM1 M Tag By design
Response (TResponse), the Tag
shall remain in the Initial state.
© ISO/IEC 2020 – All rights reserved 7

Table 3 (continued)
Protocol
a b c
Item Requirement M/O Applies to How verified
a
subclause
0390 9.4.4 The Interrogator (or the ex- M Interrogator By demonstration using
ternal application controlling test pattern 03
the Interrogator) decrypts the
TAM1 Response (TResponse)
and shall verify whether C_TAM1
and IChallenge_TAM1 have the
correct value.
0400 9.4.5 The Interrogator shall generate M Interrogator By design
TAM2 an 80-bit random number for use
Message as TAM2 Interrogator challenge.
0410 9.4.5 BlockCount[3:0]: number that M Interrogator By design
defines the size of the custom
data as a number of 16-bit or
64-bit blocks. If the number of
included bits of the custom data
including header is not a mul-
tiple of 128, then padding with
zeroes shall be applied to the
least significant bits of the last
block that has a non-zero block
size of less than 128 bits.
0420 9.4.5 The Interrogator shall maintain M Interrogator By design
the value of BlockCount for use
as part of the MAC verification
process.
0430 9.4.5 The Tag manufacturer shall M Tag By design
specify the number of custom
data blocks that can be included.
0440 9.4.5 ProtMode[3:0]: value to select M Interrogator By design
the mode of operation that shall
be used to process the custom
data as specified in Table 3.
0450 9.4.5 The Tag shall accept this mes- M Tag By design
sage in any state.
0460 9.4.5 If the parameters of the message M Tag By design
are invalid, then the Tag shall
transition to the Initial state,
thereby aborting any cryp-
tographic protocol that has not
yet been completed.
0470 9.4.5 If the length of the TAM2 mes- M Tag By demonstration using
sage is <> 120 bits, then the Tag test pattern 06
shall return an "Other Error"
error condition.
0480 9.4.5 If BlockSize = "1 " and the Tag M Tag By design
b
does not support value "1 ",
b
then the Tag shall return a "Not
Supported" error condition.
0490 9.4.5 If TAM2_Rev specifies a TAM2 M Tag By design
message format that is not sup-
ported by the Tag, then the Tag
shall return a "Not Supported"
error condition.
0500 9.4.5 If TAM2_RFU[2:0] is <> "000 ", M Tag By demonstration using
b
then the Tag shall return a "Not test pattern 06
Supported" error condition.
0510 9.4.5 If the Tag does not support M Tag By demonstration using
key[KeyID].ENC_key, then the test pattern 06
Tag shall return a "Not Support-
ed" error condition.
8 © ISO/IEC 2020 – All rights reserved

Table 3 (continued)
Protocol
a b c
Item Requirement M/O Applies to How verified
a
subclause
0520 9.4.5 If the memory profile specified M Tag By demonstration using
in Profile is not supported by the test pattern 06
Tag, then the Tag shall return a
"Not Supported" error condition.
0530 9.4.5 The Tag shall check if the spec- M Tag By demonstration using
ified memory profile has the test pattern 07
right to use KeyID for further
processing: else key[KeyID] is
not authorized for this memory
profile and the Tag shall return a
"Not Supported" error condition.
0550 9.4.5 If the block of custom data spec- M Tag By demonstration using
ified by BlockSize, Profile, Offset test pattern 06
and BlockCount is not supported
by the Tag, then the Tag shall re-
turn a "Memory Overrun" error
condition.
0560 9.4.5 If the ProtMode value is not sup- M Tag By design
ported by the Tag, then the Tag
shall return a “Not Supported”
error condition.
0570 9.4.6.1 If all parameters have been suc- M Tag By demonstration using
TAM2 cessfully verified, then the Tag test pattern 08
Response shall proceed with parsing the
TAM2 message.
0580 9.4.6.1 After returning the TAM2 M Tag By design
Response (TResponse), the Tag
shall remain in the Initial state.
0590 9.4.6.2 The Tag shall add custom data in O Tag By demonstration using
TAM2_Rev plaintext to the authentication test pattern 08, with profile that
= "0 " and block and generate a response as is supported by the Tag and Prot-
b
ProtMode = specified in Table 7. Mode = "0000 "
b
"0000 "
b
0600 9.4.6.3 The Tag shall add custom data O Tag By demonstration using
TAM2_Rev with confidentiality protection test pattern 08, with profile that
= "0 " and to the authentication block and is supported by the Tag and Prot-
b
ProtMode = generate a response as specified Mode = "0001 "
b
"0001 " in Table 8.
b
The Tag shall use AES encryp-
tion in CBC mode to encrypt all D
custom data blocks.
0620 9.4.6.4 The Tag shall add custom data O Tag By demonstration using
TAM2_Rev with integrity protection to test pattern 08, with profile that
= "0 " and the authentication block and is supported by the Tag and Prot-
b
ProtMode = generate a response as specified Mode = "0010 "
b
"0010 " in Table 9.
b
The Tag shall use AES-CMAC-96
to calculate the truncated 96-bit
CMAC over the authentication
block and the D following plain-
text custom data blocks.
© ISO/IEC 2020 – All rights reserved 9

Table 3 (continued)
Protocol
a b c
Item Requirement M/O Applies to How verified
a
subclause
0640 9.4.6.5 The Tag shall add custom data O Tag By demonstration using
TAM2_Rev with confidentiality and integ- test pattern 08, with profile that
= "0 " and rity protection to the authenti- is supported by the Tag and Prot-
b
ProtMode = cation block and generate a re- Mode = "0011 "
b
"0011 " sponse as specified in Table 10.
b
The Tag shall use AES encryp-
tion in CBC mode to encrypt
the initial authentication block
and all following D custom data
blocks.
The Tag shall use AES-CMAC-96
to calculate the truncated 96-bit
CMAC over the authentication
block and the D following en-
crypted custom data blocks.
0670 9.4.6.6 The Tag shall compute the O Tag By demonstration using
TAM2_Rev authentication block as the test pattern 08, with profile that
= "1 " and encryption of C_TAM2_0[15:0], is supported by the Tag and Prot-
b
ProtMode = TRnd_TAM2[31:0] and Mode = "0000 "
b
"0000 " IChallenge_TAM2[79:0].
b
The Tag shall add the header
and the custom data in plaintext
to the authentication block and
generate a response as specified
in Table 11.
0690 9.4.6.7 The Tag shall compute the O Tag By demonstration using
TAM2_Rev authentication block as the test pattern 08, with profile that
= "1 " and encryption of C_TAM2_1[15:0], is supported by the Tag and Prot-
b
ProtMode = TRnd_TAM2[31:0] and Mode = "0001 "
b
"0001 " IChallenge_TAM2[79:0].
b
The Tag shall add the head-
er and the custom data with
confidentiality protection to
the authentication block and
generate a response as specified
in Table 12.
The Tag shall use AES encryp-
tion in CBC mode to encrypt all
D data blocks composed of the
header and the custom data.
0720 9.4.6.8 The Tag shall compute the O Tag By demonstration using
TAM2_Rev authentication block as the test pattern 08, with profile that
= "1 " and encryption of C_TAM2_2[15:0], is supported by the Tag and Prot-
b
ProtMode = TRnd_TAM2[31:0] and Mode = "0010 "
b
"0010 " IChallenge_TAM2[79:0].
b
The Tag shall add the header and
the custom data with integrity
protection to the authentication
block and generate a response as
specified in Table 13.
The Tag shall use AES-CMAC-96
to calculate the truncated 96-bit
CMAC over the authentication
block and the D following plain-
text data blocks composed of the
header and the custom data.
10 © ISO/IEC 2020 – All rights reserved

Table 3 (continued)
Protocol
a b c
Item Requirement M/O Applies to How verified
a
subclause
0750 9.4.6.9 The Tag shall add the header and O Tag By demonstration using
TAM2_Rev the custom data with confiden- test pattern 08, with profile that
= "1 " and tiality and integrity protection is supported by the Tag and Prot-
b
ProtMode = to the authentication block and Mode = "0011 "
b
"0011 " generate a response as specified
b
below and in Table 14.
The Tag shall use AES encryp-
tion in CBC mode to encrypt
the initial authentication block
and all following D data blocks
composed of the header and the
custom data.
The Tag shall use AES-CMAC-96
to calculate the truncated 96-bit
CMAC over the authentication
block and the D following en-
crypted custom data blocks.
0780 9.4.7.2 The Interrogator (or the ex- M Interrogator By demonstration using test
TAM2 Final ternal application controlling pattern 08 and verifying that the
Interrogator the Interrogator) decrypts the interrogator aborts if the local key
processing TAM2 Response (TResponse) at the interrogator is changed to a
TAM2_Rev = and shall verify whether C_TAM2 value different from that in the Tag
"0 " and IChallenge_TAM2 have the
b
correct value.
0790 9.4.7.3 The Interrogator (or the external M Interrogator By demonstration using test
TAM2 Final application controlling the Inter- pattern 08 and verifying that the
Interrogator rogator) decrypts the first block interrogator aborts if the local key
processing of TAM2 Response (TResponse) at the interrogator is changed to a
TAM2_Rev = and shall verify whether C_TAM2 value different from that in the Tag
"1 " constant and IChallenge_TAM2
b
have the correct value.
0800 9.4.7.3 If ProtMode = 0000 , C_TAM2 M Interrogator By design
b
shall be C_TAM2_0.
0810 9.4.7.3 If ProtMode = 0001 , C_TAM2 M Interrogator By design
b
shall be C_TAM2_1.
0820 9.4.7.3 If ProtMode = 0010 , C_TAM2 M Interrogator By design
b
shall be C_TAM2_2.
0830 9.4.7.3 If ProtMode = 0011 , C_TAM2 M Interrogator By design
b
shall be C_TAM2_3
0840 9.5.1 If Step = "00 ", the Tag shall M Tag By design
b
IAM parse the IAM1 Message for
Interrogator Authentication as
described in 9.5.2.
0850 9.5.1 If Step = "01 ", the Tag shall M Tag By design
b
IAM parse the IAM2 and IAM3 Mes-
sages and process the data based
on the value of CustomData,
which is the third parameter in
the IAM2 and IAM3 Messages.
0860 9.5.1 If Step = "01 " and CustomData M Tag By design
b
IAM = "0 ", the Tag shall parse the
b
IAM2 Message for Interrogator
Authentication without custom
data as described in 9.5.5.
0870 9.5.1 If Step = "01 " and CustomData M Tag By design
b
IAM = "1 ", the Tag shall parse the
b
IAM3 Message for Interrogator
Authentication with custom data
as described in 9.5.8.
© ISO/IEC 2020 – All rights reserved 11

Table 3 (continued)
Protocol
a b c
Item Requirement M/O Applies to How verified
a
subclause
0880 9.5.1 If Step = "10 ", the Tag shall M Tag By design
b
IAM return a "Not Supported" error
condition.
0890 9.5.1 If Step = "11 ", the Tag shall M Tag By design
b
IAM return a "Not Supported" error
condition.
0900 9.5.2 The Tag shall accept this mes- M Tag By design
IAM1 sage only in the Initial or the
IA-OK state (unless occupied
by internal processing and not
capable of receiving messages).
0910 9.5.2 If the parameters of the message M Tag By design
IAM1 are invalid, then the Tag shall
transition to the Initial state,
thereby aborting any cryp-
tographic protocol that has not
yet been completed.
0920 9.5.2 If the length of the IAM1 mes- M Tag By design
IAM1 sage is <> 16 bits, then the Tag
shall return an "Other Error"
error condition.
0930 9.5.2 If the value of IAM1_RFU[3:0] is M Tag By design
IAM1 <> "0000 ", then the Tag shall
b
return a "Not Supported" error
condition.
0940 9.5.2 If the Tag does not support M Tag By design
IAM1 key[KeyID].ENC_key, then it shall
return a "Not Supported" error
condition.
0950 9.5.3 The Tag shall generate a random M Tag By design
IAM1 challenge TChallenge_IAM1[79:0]
Response and store a copy of TChallenge_
IAM1 for subsequent verification
(see 9.5.5 or 9.5.8).
0960 9.5.3 The Tag shall store a copy of M Tag By design
KeyID for use in 9.5.5 or 9.5.8.
0970 9.5.3 The Tag shall send the challenge M Tag By design
TChallenge_IAM1 in the IAM1 Re-
sponse as specified in Table 16.
0980 9.5.3 After returning the IAM1 Re- M Tag By design
sponse (TResponse), the Tag shall
transition to the IAM-Init state.
0990 9.5.4 The Interrogator (or the exter- M Interrogator By design
Final Interro- nal application controlling the
gator process- Interrogator) shall decrypt a
ing IAM1 concatenation of C_IAM2 (DA8 ),
h
Purpose_IAM2[3:0], IRnd_
IAM2[31:0] and TChallenge_IAM1
as input for the IAM2 Message or
IAM3 Message.
12 © ISO/IEC 2020 – All rights reserved

Table 3 (continued)
Protocol
a b c
Item Requirement M/O Applies to How verified
a
subclause
1000 9.5.5 The Tag shall accept this mes- M Tag By design
IAM2 sage only in the IAM-Init state
Message (unless occupied by internal
processing and not capable of
receiving messages).
If the Tag is not in the IAM-Init
state, it shall abort any cryp-
tographic protocol that has not
yet been completed
and shall transition to the Ini-
tial state.
1030 9.5.5 If the length of the IAM2 mes- M Tag By design
sage is <> 136 bits, then the Tag
shall return an "Other Error"
error condition.
1040 9.5.5 If the value of IAM2_RFU[2:0] M Tag By design
is <> "000 ", then the Tag shall
b
return a "Not Supported" error
condition.
1050 9.5.5 If the parameter verifications M Tag By design
have been completed success-
fully, the Tag shall perform an
AES encryption of IResponse
and retrieve C_IAM2[11:0], Pur-
pose_IAM2[3:0], IRnd_IAM2[31:0]
and TChallenge_IAM1[79:0]) for
further verification.
1060 9.5.5 Cryptographic errors shall only M Tag By design
be returned after all checks have
been completed.
1070 9.5.5 If the value of C_IAM2[11:0] is M Tag By design
<> "DA8 ", then the Tag shall
h
return a "Not Supported" error
condition.
1080 9.5.5 If the value of Purpose_IAM2[3:0] M Tag By design
is <> "0000 " and not supported
b
by the Tag, then the Tag shall
return a "Not Supported" error
condition.
1090 9.5.5 If the value for TChallenge_ M Tag By design
IAM1[79:0] is not equal to the
copy of TChallenge_IAM1[79:0]
that has been stored in IAM1
(see 9.5.3), then the Tag shall
return a “Cryptographic Error”
error condition.
1100 9.5.6 If the Interrogator Authentica- M Tag By design
IAM2 tion has been completed suc-
Response cessfully, the Tag shall respond
with an IAM2 Response that
shall be empty (zero bits).
1110 9.5.6 After returning the IAM2 Re- M Tag By design
sponse (TResponse), the Tag shall
transition to the IA-OK state.
1120 9.5.8.1 The Interrogator shall use IAM3 M Interrogator By design
IAM3 if it wants to write custom data
Message in the Tag’s memory using Inter-
rogator Authentication.
© ISO/IEC 2020 – All rights reserved 13

Table 3 (continued)
Protocol
a b c
Item Requirement M/O Applies to How verified
a
subclause
1130 9.5.8.1 If ciphertext is required, the In- M Interrogator By design
terrogator shall use AES in CBC
decryption mode on the custom
data, using the Authentication-
Block as the Initialization Vector.
1140 9.5.8.1 If required, the interrogator M Interrogator By des
...