iTeh StandardsiTeh Standards
EURUSD
Your shopping cart is empty.
ISO

ISO/IEC 29167-10:2017

(Main)

Information technology — Automatic identification and data capture techniques — Part 10: Crypto suite AES-128 security services for air interface communications

Information technology — Automatic identification and data capture techniques — Part 10: Crypto suite AES-128 security services for air interface communications

ISO/IEC 29167-10:2017 specifies the crypto suite for AES-128 for the ISO/IEC 18000 air interfaces standards for radio frequency identification (RFID) devices. Its purpose is to provide a common crypto suite for security for RFID devices that might be referred by ISO committees for air interface standards and application standards. ISO/IEC 29167-10:2017 specifies a crypto suite for AES-128 for an air interface for RFID systems. The crypto suite is defined in alignment with existing air interfaces. ISO/IEC 29167-10:2017 specifies various authentication methods and methods of use for the encryption algorithm. A Tag and an Interrogator can support one, a subset, or all of the specified options, clearly stating what is supported.

Technologies de l'information — Techniques automatiques d'identification et de capture de données — Partie 10: Services de sécurité par suite cryptographique AES-128 pour communications par interface radio

General Information

Status
Published
Publication Date
15-Oct-2017
ICS
35.040 - Information coding
35.040.50 - Automatic identification and data capture techniques
Technical Committee
ISO/IEC JTC 1/SC 31 - Automatic identification and data capture techniques
Drafting Committee
ISO/IEC JTC 1/SC 31/WG 4 - Radio communications
Current Stage
9092 - International Standard to be revised
Start Date
30-Jan-2024
Completion Date
19-Apr-2025
Ref Project

Relations

Revises
ISO/IEC 29167-10:2015 - Information technology — Automatic identification and data capture techniques — Part 10: Crypto suite AES-128 security services for air interface communications
Effective Date
05-Nov-2015

Buy Standard

ISO/IEC 29167-10:2017 - Information technology — Automatic identification and data capture techniques — Part 10: Crypto suite AES-128 security services for air interface communications Released:10/16/2017ISO/IEC 29167-10:2017 - Information technology — Automatic identification and data capture techniques — Part 10: Crypto suite AES-128 security services for air interface communications Released:10/16/2017
PreviousNext
Standard
ISO/IEC 29167-10:2017 - Information technology — Automatic identification and data capture techniques — Part 10: Crypto suite AES-128 security services for air interface communications Released:10/16/2017
English language
58 pages
sale 15% off
Preview
sale 15% off
Preview
ISO/IEC 29167-10:2017 - Information technology -- Automatic identification and data capture techniquesISO/IEC 29167-10:2017 - Information technology -- Automatic identification and data capture techniques
PreviousNext
Standard
ISO/IEC 29167-10:2017 - Information technology -- Automatic identification and data capture techniques
English language
58 pages
sale 15% off
Preview
sale 15% off
Preview

Standards Content (Sample)


INTERNATIONAL ISO/IEC
STANDARD 29167-10
Second edition
2017-09
Information technology — Automatic
identification and data capture
techniques —
Part 10:
Crypto suite AES-128 security services
for air interface communications
Technologies de l'information — Techniques automatiques
d'identification et de capture de données —
Partie 10: Services de sécurité par suite cryptographique AES-128
pour communications par interface radio
Reference number
©
ISO/IEC 2017
© ISO/IEC 2017, Published in Switzerland
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form
or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior
written permission. Permission can be requested from either ISO at the address below or ISO’s member body in the country of
the requester.
ISO copyright office
Ch. de Blandonnet 8 • CP 401
CH-1214 Vernier, Geneva, Switzerland
Tel. +41 22 749 01 11
Fax +41 22 749 09 47
copyright@iso.org
www.iso.org
ii © ISO/IEC 2017 – All rights reserved

Contents Page
Foreword .v
Introduction .vi
1 Scope . 1
2 Normative references . 1
3 Terms, definitions, symbols and abbreviated terms . 1
4 Conformance . 6
4.1 Air interface protocol specific information . 6
4.2 Interrogator conformance and obligations . 6
4.3 Tag conformance and obligations . 6
5 Introduction of the AES-128 crypto suite . 6
6 Parameter definitions . 7
7 Crypto suite state diagram . 8
8 Initialization and resetting . 9
9 Authentication . 9
9.1 General . 9
9.2 Adding custom data to authentication process .10
9.3 Message and response formatting .12
9.4 Tag authentication (Method “00” = TAM) .13
9.4.1 General.13
9.4.2 TAM1 Message .13
9.4.3 TAM1 Response .14
9.4.4 Final Interrogator processing TAM1 .14
9.4.5 TAM2 Message .14
9.4.6 TAM2 Response .16
9.4.7 Final Interrogator processing TAM2 .20
9.5 Interrogator authentication (Method “01” = IAM).21
9.5.1 General.21
9.5.2 IAM1 Message .21
9.5.3 IAM1 Response .22
9.5.4 Final Interrogator processing IAM1 .22
9.5.5 IAM2 Message .22
9.5.6 IAM2 Response .23
9.5.7 Final Interrogator processing IAM2 .23
9.5.8 IAM3 Message .23
9.5.9 IAM3 Response .28
9.5.10 Final Interrogator processing IAM3 .29
9.6 Mutual authentication (Method “10” = MAM) .29
9.6.1 General.29
9.6.2 MAM1 Message .29
9.6.3 MAM1 Response .30
9.6.4 Final Interrogator processing MAM1 .30
9.6.5 MAM2 Message .30
9.6.6 MAM2 Response .31
9.6.7 Final Interrogator processing MAM2 .31
10 Communication .31
11 Key Table and KeyUpdate .31
Annex A (normative) Crypto suite state transition table .34
Annex B (normative) Error conditions and error handling .35
© ISO/IEC 2017 – All rights reserved iii

Annex C (normative) Cipher description .36
Annex D (informative) Test vectors .40
Annex E (normative) Protocol specific information.41
Annex F (informative) Examples .49
Bibliography .58
iv © ISO/IEC 2017 – All rights reserved

Foreword
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical
Commission) form the specialized system for worldwide standardization. National bodies that are
members of ISO or IEC participate in the development of International Standards through technical
committees established by the respective organization to deal with particular fields of technical
activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international
organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the
work. In the field of information technology, ISO and IEC have established a joint technical committee,
ISO/IEC JTC 1.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular the different approval criteria needed for
the different types of document should be noted. This document was drafted in accordance with the
editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject
of patent rights. ISO and IEC shall not be held responsible for identifying any or all such patent
rights. Details of any patent rights identified during the development of the document will be in the
Introduction and/or on the ISO list of patent declarations received (see www.iso.org/patents).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation on the voluntary nature of standards, the meaning of ISO specific terms and
expressions related to conformity assessment, as well as information about ISO's adherence to the
World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT) see the following
URL: www.iso.org/iso/foreword.html.
This document was prepared by Technical Committee ISO/IEC JTC 1, Information technology,
Subcommittee SC 31, Automatic identification and data capture techniques.
This second edition cancels and replaces the first edition (ISO/IEC 29167-10:2015), which has been
technically revised.
A list of all parts in the ISO/IEC 29167 series can be found on the ISO website.
© ISO/IEC 2017 – All rights reserved v

Introduction
This document specifies the security services of an AES-128 crypto suite. AES has a fixed block size of
128 bits and a key size of 128 bits, 192 bits or 256 bits. This document uses AES with a fixed key size of
128 bits and is referred to as AES-128.
This document specifies procedures for the authentication of a Tag and or an Interrogator using AES-
128 and provides the following features:
— Tag Authentication;
— Tag Authentication allows authenticated and encrypted reading of a part of the Tag’s memory;
— Interrogator Authentication;
— Interrogator Authentication allows authenticated and encrypted writing of a part of the Tag’s memory;
— Mutual Authentication.
Crypto suite only supports encryption on the Tag and uses encryption for “encrypting” messages sent
from the Tag to the Interrogator and “decrypting” messages received from the Interrogator.
The International Organization for Standardization (ISO) and International Electrotechnical
Commission (IEC) draw attention to the fact that it is claimed that compliance with this document
might involve the use of patents concerning radio-frequency identification technology
...


INTERNATIONAL ISO/IEC
STANDARD 29167-10
Second edition
2017-09
Information technology — Automatic
identification and data capture
techniques —
Part 10:
Crypto suite AES-128 security services
for air interface communications
Technologies de l'information — Techniques automatiques
d'identification et de capture de données —
Partie 10: Services de sécurité par suite cryptographique AES-128
pour communications par interface radio
Reference number
©
ISO/IEC 2017
© ISO/IEC 2017, Published in Switzerland
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form
or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior
written permission. Permission can be requested from either ISO at the address below or ISO’s member body in the country of
the requester.
ISO copyright office
Ch. de Blandonnet 8 • CP 401
CH-1214 Vernier, Geneva, Switzerland
Tel. +41 22 749 01 11
Fax +41 22 749 09 47
copyright@iso.org
www.iso.org
ii © ISO/IEC 2017 – All rights reserved

Contents Page
Foreword .v
Introduction .vi
1 Scope . 1
2 Normative references . 1
3 Terms, definitions, symbols and abbreviated terms . 1
4 Conformance . 6
4.1 Air interface protocol specific information . 6
4.2 Interrogator conformance and obligations . 6
4.3 Tag conformance and obligations . 6
5 Introduction of the AES-128 crypto suite . 6
6 Parameter definitions . 7
7 Crypto suite state diagram . 8
8 Initialization and resetting . 9
9 Authentication . 9
9.1 General . 9
9.2 Adding custom data to authentication process .10
9.3 Message and response formatting .12
9.4 Tag authentication (Method “00” = TAM) .13
9.4.1 General.13
9.4.2 TAM1 Message .13
9.4.3 TAM1 Response .14
9.4.4 Final Interrogator processing TAM1 .14
9.4.5 TAM2 Message .14
9.4.6 TAM2 Response .16
9.4.7 Final Interrogator processing TAM2 .20
9.5 Interrogator authentication (Method “01” = IAM).21
9.5.1 General.21
9.5.2 IAM1 Message .21
9.5.3 IAM1 Response .22
9.5.4 Final Interrogator processing IAM1 .22
9.5.5 IAM2 Message .22
9.5.6 IAM2 Response .23
9.5.7 Final Interrogator processing IAM2 .23
9.5.8 IAM3 Message .23
9.5.9 IAM3 Response .28
9.5.10 Final Interrogator processing IAM3 .29
9.6 Mutual authentication (Method “10” = MAM) .29
9.6.1 General.29
9.6.2 MAM1 Message .29
9.6.3 MAM1 Response .30
9.6.4 Final Interrogator processing MAM1 .30
9.6.5 MAM2 Message .30
9.6.6 MAM2 Response .31
9.6.7 Final Interrogator processing MAM2 .31
10 Communication .31
11 Key Table and KeyUpdate .31
Annex A (normative) Crypto suite state transition table .34
Annex B (normative) Error conditions and error handling .35
© ISO/IEC 2017 – All rights reserved iii

Annex C (normative) Cipher description .36
Annex D (informative) Test vectors .40
Annex E (normative) Protocol specific information.41
Annex F (informative) Examples .49
Bibliography .58
iv © ISO/IEC 2017 – All rights reserved

Foreword
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical
Commission) form the specialized system for worldwide standardization. National bodies that are
members of ISO or IEC participate in the development of International Standards through technical
committees established by the respective organization to deal with particular fields of technical
activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international
organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the
work. In the field of information technology, ISO and IEC have established a joint technical committee,
ISO/IEC JTC 1.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular the different approval criteria needed for
the different types of document should be noted. This document was drafted in accordance with the
editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject
of patent rights. ISO and IEC shall not be held responsible for identifying any or all such patent
rights. Details of any patent rights identified during the development of the document will be in the
Introduction and/or on the ISO list of patent declarations received (see www.iso.org/patents).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation on the voluntary nature of standards, the meaning of ISO specific terms and
expressions related to conformity assessment, as well as information about ISO's adherence to the
World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT) see the following
URL: www.iso.org/iso/foreword.html.
This document was prepared by Technical Committee ISO/IEC JTC 1, Information technology,
Subcommittee SC 31, Automatic identification and data capture techniques.
This second edition cancels and replaces the first edition (ISO/IEC 29167-10:2015), which has been
technically revised.
A list of all parts in the ISO/IEC 29167 series can be found on the ISO website.
© ISO/IEC 2017 – All rights reserved v

Introduction
This document specifies the security services of an AES-128 crypto suite. AES has a fixed block size of
128 bits and a key size of 128 bits, 192 bits or 256 bits. This document uses AES with a fixed key size of
128 bits and is referred to as AES-128.
This document specifies procedures for the authentication of a Tag and or an Interrogator using AES-
128 and provides the following features:
— Tag Authentication;
— Tag Authentication allows authenticated and encrypted reading of a part of the Tag’s memory;
— Interrogator Authentication;
— Interrogator Authentication allows authenticated and encrypted writing of a part of the Tag’s memory;
— Mutual Authentication.
Crypto suite only supports encryption on the Tag and uses encryption for “encrypting” messages sent
from the Tag to the Interrogator and “decrypting” messages received from the Interrogator.
The International Organization for Standardization (ISO) and International Electrotechnical
Commission (IEC) draw attention to the fact that it is claimed that compliance with this document
might involve the use of patents concerning radio-frequency identification technology
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.

This May Also Interest You

ISO
ISO/IEC 29158:2020(Main)
Information technology — Automatic identification and data capture techniques — Direct Part Mark (DPM) Quality Guideline

This document is an engineering document intended for verifier manufacturers and application specification developers. This document describes modifications to the symbol quality methodology defined in ISO/IEC 15415 and a symbology specification. It defines alternative illumination conditions, some new terms and parameters, modifications to the measurement and subsequent grading of certain parameters and the reporting of the grading results. This document was developed to assess the symbol quality of direct marked parts, where the mark is applied directly to the surface of the item and the reading device is a two-dimensional imager. When application specifications allow, this method is also potentially applicable to symbols produced by other methods. This is appropriate when direct part marked (DPM) symbols and non-DPM symbols are being scanned in the same scanning environment. The symbol grade is reported as a DPM grade rather than as an ISO/IEC 15415 grade.

  • Standard
    33 pages
    English language
    sale 15% off
  • Standard
    33 pages
    English language
    sale 15% off
ISO
ISO/IEC 15961-2:2019(Main)
Information technology — Data protocol for radio frequency identification (RFID) for item management — Part 2: Registration of RFID data constructs

This document specifies the procedural requirements to maintain specific RFID data constructs. The data constructs are associated with managing open and closed applications that utilise RFID systems which conform to the data protocol defined in other parts of ISO/IEC 15961 and ISO/IEC 15962, and the air interface protocols of ISO/IEC 18000. It also outlines the obligations of the Registration Authority and the application administrators, with respect to: — the allocation of AFIs to particular applications defined by the application administrator; — the allocation of data formats to particular applications defined by the application administrator; — the registration of Root-OIDs, compliant with ISO/IEC 9834-1, to any Unique Item Identifiers used in applications defined by the application administrator; — the registration of Root-OIDs, compliant with ISO/IEC 9834-1, to any other data used in applications defined by the application administrator; — the registration of various table-driven encoding schemes, compliant with ISO/IEC 15962.

  • Standard
    8 pages
    English language
    sale 15% off
ISO
ISO/IEC 24770-5:2019(Main)
Information technology —Real-time locating system (RTLS) device performance test methods — Part 5: Test methods for chirp spread spectrum (CSS) air interface

This document defines the test methods for determining the performance characteristics of chirp spread spectrum (CSS) real time locating system (RTLS) equipment including tags and readers which are applicable to the selection of equipment that conforms to ISO/IEC 24730‑5 for specific applications. This document does not apply to the testing in relation to regulatory or similar requirements. The RTLS equipment performance parameters included in this document only include the chirp spread spectrum (CSS) radio frequencies link between tags and readers. Unlike ISO/IEC 18305, the tests in this document apply exclusively to RTLS equipment defined in ISO/IEC 24730‑5 unless specified otherwise.

  • Standard
    9 pages
    English language
    sale 15% off
ISO
ISO/IEC 15961-3:2019(Main)
Information technology — Data protocol for radio frequency identification (RFID) for item management — Part 3: RFID data constructs

This document specifies rules and code structures associated with the data constructs for RFID for item management. In particular, it: — defines the application family identifier (AFI), including the range of code values that are available to use for RFID for item management; — defines the data format, including the range of code values that are available to use for RFID for item management; — describes the Object Identifier structure used for RFID for item management; — specifies the function of the Object Identifier for the Unique Item Identifier (UII); — specifies the function of the Object Identifier for other item attendant data. NOTE Conventionally in International Standards, long numbers are separated by a space character as a "thousands separator". This convention has not been followed in this document because the arcs of an Object Identifier are defined by a space separator (according to ISO/IEC 8824 and ISO/IEC 8825). As the correct representation of these arcs is vital to this document, all numeric values have no space separators except to denote a node between two arcs of an Object Identifier. For additional clarity, Object Identifiers are presented in bold text.

  • Standard
    13 pages
    English language
    sale 15% off
  • Standard
    13 pages
    English language
    sale 15% off
ISO
ISO/IEC 18000-4:2018(Main)
Information technology — Radio frequency identification for item management — Part 4: Parameters for air interface communications at 2,45 GHz

This document defines the air interface for radio frequency identification (RFID) devices operating in the 2,45 GHz industrial, scientific, and medical (ISM) band used in item management applications. This document provides a common technical specification for RFID devices that can be used by ISO committees developing RFID application standards. This document is intended to allow for compatibility and to encourage inter-operability of products for the growing RFID market in the international marketplace. This document defines the forward and return link parameters for technical attributes including, but not limited to, operating frequency, operating channel accuracy, occupied channel bandwidth, maximum equivalent isotropically radiated power (EIRP), spurious emissions, modulation, duty cycle, data coding, bit rate, bit rate accuracy, bit transmission order, and where appropriate, operating channels, frequency hop rate, hop sequence, spreading sequence, and chip rate. This document further defines the communications protocol used in the air interface. This document contains four modes. Mode 1 is an interrogator talks first with passive tag. Mode 2 is a tag talks first with battery-assisted passive tag. Mode 3 is a globally available, ubiquitous network supporting (but not limited to) the logistics and transportation industry; agnostic to any device, commercial or otherwise, requiring global availability. Mode 4 is a configurable data rate active RFID system. It provides the functions of long range objects identification and environmental sense, and it is intended to realize the low cost device and low power consumption, long range identification, fast and reliable tags access. The detailed technical differences between the modes are shown in the parameter tables.

  • Standard
    200 pages
    English language
    sale 15% off
ISO
ISO/IEC 21277:2018(Main)
Information technology — Radio frequency identification device performance test methods — Crypto suite

ISO/IEC 21277:2018 defines test methods to measure the performance of crypto suites of radio frequency identification (RFID) devices (tags and interrogators) for item management as specified in ISO/IEC 18000‑63 and ISO/IEC 29167 (all parts). These test methods measure the crypto suite system performance (tags and interrogators) against the crypto suite outcomes as required by the desired set of use case requirements for a specific application/service. These test methods are used as an extension of ISO/IEC 18046‑1 but can be used in a standalone manner. Crypto suite performance can vary substantially between crypto suites, implementations of a crypto suite for tags and interrogators and crypto suite outcomes in specific interrogation scenarios. Tag crypto functions require time and energy to complete successfully. The desired crypto strength and method influence the time and energy required. "Crypto suite performance" is therefore defined in this document as "the shortest time to complete a crypto outcome at a given read distance in relation to the RF power available". This document provides guidelines in the evaluation of the measurement results. The test methods do not measure crypto capabilities which include crypto strength, suitability and robustness. They neither measure random generator performance nor deal with key management.

  • Standard
    9 pages
    English language
    sale 15% off
  • Standard
    9 pages
    English language
    sale 15% off
ISO
ISO/IEC 18047-6:2017(Main)
Information technology — Radio frequency identification device conformance test methods — Part 6: Test methods for air interface communications at 860 MHz to 960 MHz

ISO/IEC 18047-6 defines test methods for determining the conformance of radio frequency identification (RFID) devices (tags and interrogators) for item management with the specifications given in ISO/IEC 18000-61, ISO/IEC 18000-62, ISO/IEC 18000-63 and ISO/IEC 18000-64, but does not apply to the testing of conformity with regulatory or similar requirements. The test methods require only that the mandatory functions, and any optional functions which are implemented, are verified. This can, in appropriate circumstances, be supplemented by further, application-specific functionality criteria that are not available in the general case. The interrogator and tag conformance parameters in ISO/IEC 18047-6 are the following: - type-specific conformance parameters including nominal values and tolerances; - parameters that apply directly affecting system functionality and inter-operability. Parameters that are already included in regulatory test requirements are not included in ISO/IEC 18047-6. Unless otherwise specified, the tests in ISO/IEC 18047-6 are intended to be applied exclusively to RFID tags and interrogators defined in ISO/IEC 18000-61, ISO/IEC 18000-62, ISO/IEC 18000-63 and ISO/IEC 18000-64.

  • Standard
    83 pages
    English language
    sale 15% off
ISO
ISO/IEC TS 29167-15:2017(Main)
Information technology — Automatic identification and data capture techniques — Part 15: Crypto suite XOR security services for air interface communications

ISO/IEC TS 29167-15:2017 defines a coding suite based on an exclusive or (XOR) operation for the ISO/IEC 18000 air interfaces standards for radio frequency identification (RFID) systems. In particular, it specifies the use of XOR as a basic way to hide plain data in the identity authentication and secure communication procedures. The coding suite is defined in alignment with existing air interfaces. ISO/IEC TS 29167-15:2017 defines various authentication methods and methods of use for the XOR. A tag and an interrogator may support one, a subset, or all of the specified options, clearly stating what is supported.

  • Technical specification
    22 pages
    English language
    sale 15% off
  • Technical specification
    22 pages
    English language
    sale 15% off
ISO
ISO/IEC 15416:2016(Main)
Automatic identification and data capture techniques — Bar code print quality test specification — Linear symbols

ISO/IEC 15416:2016: - specifies the methodology for the measurement of specific attributes of bar code symbols; - defines a method for evaluating these measurements and deriving an overall assessment of symbol quality; and - provides information on possible causes of deviation from optimum grades to assist users in taking appropriate corrective action. ISO/IEC 15416:2016 applies to those symbologies for which a reference decode algorithm has been defined, and which are intended to be read using linear scanning methods, but its methodology can be applied partially or wholly to other symbologies.

  • Standard
    36 pages
    English language
    sale 15% off
ISO
ISO/IEC 18305:2016(Main)
Information technology — Real time locating systems — Test and evaluation of localization and tracking systems

ISO/IEC 18305:2016 identifies appropriate performance metrics and test & evaluation scenarios for localization and tracking systems, and it provides guidance on how best to present and visualize the T&E results. It focuses primarily on indoor environments.

  • Standard
    76 pages
    English language
    sale 15% off