ISO/IEC 19823-10:2026

International
Standard
ISO/IEC 19823-10
Third edition
Information technology —
2026-03
Conformance test methods for
security service crypto suites —
Part 10:
Crypto suite AES-128
Technologies de l'information — Méthodes d'essai de conformité
pour les suites cryptographiques des services de sécurité —
Partie 10: Suite cryptographique AES-128
Reference number
© ISO/IEC 2026
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on
the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below
or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
© ISO/IEC 2026 – All rights reserved
ii
Contents Page
Foreword .iv
Introduction .v
1 Scope . 1
2 Normative references . 1
3 Terms, definitions, symbols and abbreviated terms . 1
3.1 Terms and definitions .1
3.2 Symbols and abbreviated terms .2
4 Test methods . 2
4.1 General .2
4.2 By demonstration .2
4.3 By design .2
5 Test methods for the ISO/IEC 18000 series . 2
5.1 Test requirements for ISO/IEC 18000-3 Interrogators and Tags .2
5.2 Test requirements for ISO/IEC 18000-63 Interrogators and Tags .3
6 Test methods related to ISO/IEC 29167-10 Interrogators and Tags . 3
6.1 Test map for optional features .3
6.2 Additional parameters required as input for the test .4
6.3 Crypto suite requirements .4
6.3.1 General .4
6.3.2 Crypto suite requirements of ISO/IEC 29167-10:2026, Clauses 4 to 6 .4
6.3.3 Crypto suite requirements of ISO/IEC 29167-10:2026, Clauses 7 to 12 .4
6.3.4 Crypto suite requirements of ISO/IEC 29167-10:2026, Annex A .19
6.3.5 Crypto suite requirements of ISO/IEC 29167-10:2026, Annex E .19
7 Test patterns .23
7.1 General . 23
7.2 Test pattern information . 23
7.2.1 General . 23
7.2.2 Information related to ISO/IEC 18000-3:2010, MODE 1 .24
7.2.3 Information related to ISO/IEC 18000-63 .24
7.3 Test pattern descriptions . 25
7.3.1 General . 25
7.3.2 Test pattern 01 (TAM reject message when "AuthMethod" is '11') . 25
7.3.3 Test pattern 02 (TAM1 execution and error handling) . 25
7.3.4 Test pattern 03 (TAM1 execution for all keys) .27
7.3.5 Test pattern 04 (TAM1 store Tag reply in the response buffer) .27
7.3.6 Test pattern 05 (TAM1 with Challenge, read Tag reply from the response buffer) . 29
7.3.7 Test pattern 06 (TAM2 execution and error handling) . 30
7.3.8 Test pattern 07 (TAM2 unauthorized use of KeyID for profile) . 33
7.3.9 Test pattern 08 (TAM2 execution for all keys) . 34
7.3.10 Test pattern 09 (MAM1 execution and error handling) . 35
7.3.11 Test pattern 10 (MAM2 execution and error handling) . 36
7.3.12 Test pattern 11 (MAM1 and MAM2 execution for all keys) . 40
Bibliography .42

© ISO/IEC 2026 – All rights reserved
iii
Foreword
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical
Commission) form the specialized system for worldwide standardization. National bodies that are
members of ISO or IEC participate in the development of International Standards through technical
committees established by the respective organization to deal with particular fields of technical activity.
ISO and IEC technical committees collaborate in fields of mutual interest. Other international organizations,
governmental and non-governmental, in liaison with ISO and IEC, also take part in the work.
The procedures used to develop this document and those intended for its further maintenance are described
in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the different types
of document should be noted. This document was drafted in accordance with the editorial rules of the ISO/
IEC Directives, Part 2 (see www.iso.org/directives or www.iec.ch/members_experts/refdocs).
ISO and IEC draw attention to the possibility that the implementation of this document may involve the
use of (a) patent(s). ISO and IEC take no position concerning the evidence, validity or applicability of any
claimed patent rights in respect thereof. As of the date of publication of this document, ISO and IEC had
received notice of (a) patent(s) which may be required to implement this document. However, implementers
are cautioned that this may not represent the latest information, which may be obtained from the patent
database available at www.iso.org/patents and https://patents.iec.ch. ISO and IEC shall not be held
responsible for identifying any or all such patent rights.
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and expressions
related to conformity assessment, as well as information about ISO's adherence to the World Trade
Organization (WTO) principles in the Technical Barriers to Trade (TBT) see www.iso.org/iso/foreword.html.
In the IEC, see www.iec.ch/understanding-standards.
This document was prepared by Joint Technical Committee ISO/IEC JTC 1, Information technology,
Subcommittee SC 31, Automatic identification and data capture techniques.
This third edition cancels and replaces the second edition (ISO/IEC 19823-10:2020), which has been
technically revised.
The main change is as follows: test items have been updated to reflect changes to the over-the-air protocol.
A list of all parts in the ISO/IEC 19823 series can be found on the ISO and IEC websites.
Any feedback or questions on this document should be directed to the user’s national standards
body. A complete listing of these bodies can be found at www.iso.org/members.html and
www.iec.ch/national-committees.

© ISO/IEC 2026 – All rights reserved
iv
Introduction
The ISO/IEC 29167 series describes security services that are applicable for the ISO/IEC 18000 series.
The various parts of the ISO/IEC 29167 series describe crypto suites that are optional extensions to the
ISO/IEC 18000 series air interfaces.
The ISO/IEC 19823 series describes conformance test methods for security service crypto suites.
The ISO/IEC 19823 series is related to the ISO/IEC 18047 series, which describes the radio frequency
identification device conformance test methods, in the same way as the ISO/IEC 29167 series is related to
the ISO/IEC 18000 series. These relations mean that, for a product that is claimed to be conform to a pair of
ISO/IEC 18000-n and ISO/IEC 29167-m, the test methods of ISO/IEC 18047-n and ISO/IEC 19823-m apply. If
a product supports more than one part of the ISO/IEC 18000 series or the ISO/IEC 29167 series, all related
parts of ISO/IEC 18047 and ISO/IEC 19823 apply.
The conformance parameters are:
— parameters that apply directly affecting system functionality and inter-operability;
— protocol including commands and replies;
— nominal values and tolerances.
NOTE 1 ISO/IEC 18047-6 contains the conformance test requirements of ISO/IEC 18000-6, ISO/IEC 18000-61,
ISO/IEC 18000-62, ISO/IEC 18000-63 and ISO/IEC 18000-64.
NOTE 2 Test methods for Interrogator and Tag performance are covered in the ISO/IEC 18046 series.

© ISO/IEC 2026 – All rights reserved
v
International Standard ISO/IEC 19823-10:2026(en)
Information technology — Conformance test methods for
security service crypto suites —
Part 10:
Crypto suite AES-128
1 Scope
This document describes the test methods for determining conformance for the security crypto suite AES-
128 defined in ISO/IEC 29167-10.
This document contains conformance tests for all mandatory and applicable optional functions.
Unless otherwise specified, the tests in this document are only applicable to radio frequency identification
(RFID) Tags and Interrogators defined in the ISO/IEC 15693 series and in the ISO/IEC 18000 series using
ISO/IEC 29167-10.
2 Normative references
The following documents are referred to in the text in such a way that some or all of their content constitutes
requirements of this document. For dated references, only the edition cited applies. For undated references,
the latest edition of the referenced document (including any amendments) applies.
ISO/IEC 17025, General requirements for the competence of testing and calibration laboratories
ISO/IEC 18047-3:2022, Information technology — Radio frequency identification device conformance test
methods — Part 3: Test methods for air interface communications at 13,56 MHz
ISO/IEC 18000-63:2026, Information technology — Radio frequency identification device conformance test
1)
methods — Part 6: Test methods for air interface communications at 860 MHz to 960 MHz
ISO/IEC 18047-6:2025, Information technology — Radio frequency identification device conformance test
methods — Part 6: Test methods for air interface communications at 860 MHz to 960 MHz
ISO/IEC 19762, Information technology — Automatic identification and data capture (AIDC) techniques —
Vocabulary
ISO/IEC 29167-10:2026, Information technology — Automatic identification and data capture techniques —
Part 10: Crypto suite AES-128 security services for air interface communications
3 Terms, definitions, symbols and abbreviated terms
3.1 Terms and definitions
For the purposes of this document, the terms and definitions given in ISO/IEC 19762 and ISO/IEC 29167-10
apply.
ISO and IEC maintain terminology databases for use in standardization at the following addresses:
— ISO Online browsing platform: available at https:// www .iso .org/ obp
1) Under preparation. Stage at the time of publication: ISO/IEC DIS 18000-63:2026.

© ISO/IEC 2026 – All rights reserved
— IEC Electropedia: available at https:// www .electropedia .org/
3.2 Symbols and abbreviated terms
For the purposes of this document, the symbols and abbreviated terms given in ISO/IEC 19762 apply.
4 Test methods
4.1 General
This clause describes the general test methods for ISO/IEC 29167-10. As the parts of the ISO/IEC 19823 series
are always tested in relation with the ISO/IEC 18047 series, a duplication of information requirements and
specifications should be avoided.
Clause 5 describes elements that are covered in the respective part of the ISO/IEC 18047 series and,
therefore, are not addressed in the ISO/IEC 19823 series. The ISO/IEC 19823 series only defines them, if the
ISO/IEC 18047 series does not define them. However, if applicable, a revision of the respective part of the
ISO/IEC 18047 series would be the better option instead of adding it to the ISO/IEC 19823 series.
Clause 6 describes elements that are not covered by the ISO/IEC 18047 series and, therefore, are addressed
in the respective parts of the ISO/IEC 19823 series.
4.2 By demonstration
“By demonstration” means that laboratory testing of one or, if required for statistical reasons, multiple
products, processes or services to ensure conformance.
A test laboratory meeting the requirements of ISO/IEC 17025 shall be selected for the performance of the
indicated testing to ensure conformance of the component or system.
For protocol requirements that are verified by demonstration, the test conditions are specified by this
document. The detailed test plan is at the discretion of the test laboratory.
4.3 By design
“By design” means that either design parameters or theoretical analysis, or both, ensure conformance. A
vendor submitting a component or system for conformance testing shall provide the necessary technical
information, in the form of a technical memorandum or similar. A test laboratory shall issue a test certificate
indicating whether the technical analysis was sufficient to ensure conformance of the component or system.
For protocol requirements that are verified by design, the method of technical analysis is at the discretion
of the submitting vendor and is not specified by this document. In general, the technical analysis shall have
sufficient rigor and technical depth to convince a test engineer knowledgeable of the protocol that the
particular requirement has been met.
5 Test methods for the ISO/IEC 18000 series
5.1 Test requirements for ISO/IEC 18000-3 Interrogators and Tags
The requirements and recommendations given in ISO/IEC 18047-3:2022, 5.2 on default conditions applicable
to the test methods shall be fulfilled.
Before a device under test (DUT) is tested according to this document, it shall successfully pass the following
prerequisite from ISO/IEC 18047-3:2022, 5.3 on conformance tests for ISO/IEC 18000-3:2010, MODE 1.

© ISO/IEC 2026 – All rights reserved
5.2 Test requirements for ISO/IEC 18000-63 Interrogators and Tags
The requirements and recommendations of ISO/IEC 18047-6:2025, Clauses 4 and 5 on default conditions
applicable to the test methods and on set up of test equipment, respectively, shall be fulfilled.
Before a DUT is tested according to this document, it shall successfully pass the following prerequisite from
ISO/IEC 18047-6:2025, Clause 8 on conformance tests for ISO/IEC 18000-63.
6 Test methods related to ISO/IEC 29167-10 Interrogators and Tags
6.1 Test map for optional features
Table 1 lists all optional features of this crypto suite and shall be used as a template to report the test results.
Table 1 — Test map for optional features
Mark item to be
Item Test
Feature Additional requirement tested for
no. result
supplied product
Shall be tested with the Authenticate command of the
1 TAM2 relevant part of the ISO/IEC 15693 series or the ISO/
IEC 18000 series.
Shall be tested for all the declared memory profiles and
for every supported key.
Memory profiles and
1.1
MPI MAX_Profiles=Number of memory profiles.
MAX_KeyID=Number of keys supported.
Shall be tested with the Authenticate command of the
1.21 ProtMode=0000 relevant part of the ISO/IEC 15693 series or the ISO/
b
IEC 18000 series.
Shall be tested with the Authenticate command of the
1.22 ProtMode=0001 relevant part of the ISO/IEC 15693 series or the ISO/
b
IEC 18000 series.
Shall be tested with the Authenticate command of the
1.23 ProtMode=0010 relevant part of the ISO/IEC 15693 series or the ISO/
b
IEC 18000 series.
Shall be tested with the Authenticate command of the
1.24 ProtMode=0011 relevant part of the ISO/IEC 15693 series or the ISO/
b
IEC 18000 series.
Shall be tested with the Authenticate command of the
2 IAM1 relevant part of the ISO/IEC 15693 series or the ISO/
IEC 18000 series.
Shall be tested with the Authenticate command of the
3 IAM2 relevant part of the ISO/IEC 15693 series or the ISO/
IEC 18000 series.
Shall be tested with the Authenticate command of the
4 IAM3 relevant part of the ISO/IEC 15693 series or the ISO/
IEC 18000 series.
Shall be tested for all the declared memory profiles and
for every supported key.
Memory profiles and
5.1
MPI MAX_Profiles=Number of memory profiles.
MAX_KeyID=Number of keys supported.
Shall be tested with the Authenticate command of the
5.21 ProtMode=0000 relevant part of the ISO/IEC 15693 series or the ISO/
b
IEC 18000 series.
© ISO/IEC 2026 – All rights reserved
TTaabbllee 11 ((ccoonnttiinnueuedd))
Mark item to be
Item Test
Feature Additional requirement tested for
no. result
supplied product
Shall be tested with the Authenticate command of the
5.22 ProtMode=0001 relevant part of the ISO/IEC 15693 series or the ISO/
b
IEC 18000 series.
Shall be tested with the Authenticate command of the
5.23 ProtMode=0010 relevant part of the ISO/IEC 15693 series or the ISO/
b
IEC 18000 series.
Shall be tested with the Authenticate command of the
5.24 ProtMode=0011 relevant part of the ISO/IEC 15693 series or the ISO/
b
IEC 18000 series.
Shall be tested with the Authenticate command of the
6 MAM1 relevant part of the ISO/IEC 15693 series or the ISO/
IEC 18000 series.
Shall be tested with the Authenticate command of the
7 MAM2 relevant part of the ISO/IEC 15693 series or the ISO/
IEC 18000 series.
Table 3 lists all crypto suite requirements that shall be tested in dependence of the features of Table 1 as
supported by the DUT. Items marked with M are mandatory and shall be tested for each DUT.
6.2 Additional parameters required as input for the test
Table 2 lists all additional test parameters of this crypto suite.
Table 2 — Additional test parameters
Item
Feature Additional requirement Value
no.
Shall be provided to ensure that only test results for supported parameters
1 Maximum BlockSize
are taken into consideration.
Shall be provided to ensure that only test results for supported parameters
2 TAM2 Revision 0 or 1
are taken into consideration.
6.3 Crypto suite requirements
6.3.1 General
Subclause 6.3 refers to the requirements of ISO/IEC 29167-10.
6.3.2 Crypto suite requirements of ISO/IEC 29167-10:2026, Clauses 4 to 6
All the requirements of ISO/IEC 29167-10:2026, Clauses 4 to 6 shall be satisfied by design only.
6.3.3 Crypto suite requirements of ISO/IEC 29167-10:2026, Clauses 7 to 12
Table 3 contains all the requirements of ISO/IEC 29167-10:2026, Clauses 7 to 12.

© ISO/IEC 2026 – All rights reserved
Table 3 — Crypto suite requirements of ISO/IEC 29167-10:2026, Clauses 7 to 12
Item Protocol
b
Requirement M/O Applies to Verification method
a
no. subclause
Clause 7 The Tag shall transition from the Start State to the
0020 Crypto suite Next State conforming to the requirements speci- M Tag By design
state diagram fied in Annex A.
Clause 8
After power-up and after a reset, the crypto suite
0030 Initialization M Tag By design
shall transition into the Initial state.
and resetting
After the Tag encounters an error condition, it
0040 Clause 8 M Tag By design
shall transition into the Initial state.
After the Tag encounters an error condition, it may
send an error reply to the Interrogator, but in that
0050 Clause 8 M Tag By design
case the Tag shall select one Error Condition from
the list that is specified in Annex B.
A transition to Initial state shall also cause a reset
0060 Clause 8 M Tag By design
of all variables used by the crypto suite.
Implementations of this crypto suite shall assure
that all memory used for intermediate results is
0070 Clause 8 M Tag By design
cleared after each operation (message-response
pair) and after reset.
9.2 The authentication message shall include the
0080 Adding reference KeyID to select an encryption key in M Interrogator By design
custom data Table 27 (see Clause 11).
If protection of integrity and authenticity of the
0090 9.2 data is requested, the selected reference KeyID M Interrogator By design
shall also contain a MAC key.
A Tag that supports including custom data in the
By demonstration
0100 9.2 authentication process shall define at least one M Tag
using test pattern 08
and at most 16 memory profiles.
The memory profiles may also be linked to a key
By demonstration
0110 9.2 in Table 27 that shall be used for the encryption M Tag
using test pattern 07
process to protect the data.
The custom data block shall be defined by the
Interrogator/
0120 9.2 parameters BlockSize, Profile, Offset and Block- M By design
Tag
Count.
The mode of operation that shall be used for both
Interrogator/
0130 9.2 the encryption and protection of custom data, as M By design
Tag
specified by ProtMode.
BlockSize shall select the size of the custom data
Interrogator/
0140 9.2 block; "0 " specifies custom data in 64-bit blocks, M By design
b
Tag
"1 " specifies custom data as 16-bit blocks.
b
Profile shall select one of the memory profiles that
Interrogator/
0150 9.2 are supported by the Tag. The memory profiles are M By design
Tag
specified in Annex E.
Maximum binary value is "1111 ", or decimal 15,
b
0160 9.2 corresponding to a maximum number of 16 blocks M Tag By design
of custom data that shall be included.
Key
M mandatory; items are mandatory and shall be tested for all devices
O optional; items are optional and shall be tested only for devices that support the feature that is indicated by the requirement
a
All clauses, subclauses and tables referenced are from ISO/IEC 29167-10:2026.
b
This column can define test patterns that are used for verification by demonstration.

© ISO/IEC 2026 – All rights reserved
TTaabbllee 33 ((ccoonnttiinnueuedd))
Item Protocol
b
Requirement M/O Applies to Verification method
a
no. subclause
If the number of included bits of the custom data
including the header is not a multiple of 128,
0170 9.2 padding with zeroes shall be applied to the least M Tag By design
significant bits of the last block that has a non-ze-
ro block size of less than 128 bits.
The Interrogator shall maintain the value of
0180 9.2 BlockCount for use as part of the MAC verification M Interrogator By design
process.
The Tag manufacturer shall specify the number of
0190 9.2 M By design
custom data blocks that can be included.
The minimum value of D shall be 1. The maximum
0200 9.2 value of D supported by the Tag is specified by the M By design
Tag manufacturer.
ProtMode specifies the mode of operation that
Interrogator/
0210 9.2 shall be used for either the encryption or M By design
Tag
protection of the custom data, or both.
9.3 The crypto suite shall parse the Messages and
Message and process the data based on the value of
0220 M Tag By design
response AuthMethod, which is the first parameter (first
formatting two bits) of all Messages.
The Messages for Tag Authentication,
Interrogator Authentication and Mutual Interrogator/
0230 9.3 M By design
Authentication shall be distinguished by Auth- Tag
Method.
If AuthMethod = "00 ", the Tag shall parse the
b
0240 9.3 Message for Tag Authentication as described in M Tag By design
9.4.
If AuthMethod = "01 ", the Tag shall parse Message
b
0250 9.3 for Interrogator Authentication as described in M Tag By design
9.5.
If AuthMethod = "10 ", the Tag shall parse Message
b
0260 9.3 M Tag By design
for Mutual Authentication as described in 9.6.
If AuthMethod = "11 ", the Tag shall return a "Not By demonstration,
b
0270 9.3 M Tag
Supported" error condition. using test pattern 01
If CustomData = "0 ", the Tag shall parse the TAM1
b
9.4.1 By demonstration,
0280 Message for Tag Authentication without custom M Tag
TAM using test pattern 03
data as described in 9.4.2.
If CustomData = "1 ", the Tag shall parse the TAM2
b
9.4.1 By demonstration,
0280 Message for Tag Authentication with custom data M Tag
TAM using test pattern 08
as described in 9.4.5.
For Tag authentication, the Interrogator shall
generate an 80-bit random TAM1 Interrogator
challenge and include that in the TAM1 message.
9.4.2 The TAM1 message shall also include the refer- Interrogator/ By demonstration,
0280 M
TAM1 ence KeyID to select an encryption key in Table 27 Tag using test pattern 03
(see Clause 11).
KeyID: 8-bit value that specifies the key that shall
be used for TAM1.
Key
M mandatory; items are mandatory and shall be tested for all devices
O optional; items are optional and shall be tested only for devices that support the feature that is indicated by the requirement
a
All clauses, subclauses and tables referenced are from ISO/IEC 29167-10:2026.
b
This column can define test patterns that are used for verification by demonstration.

© ISO/IEC 2026 – All rights reserved
TTaabbllee 33 ((ccoonnttiinnueuedd))
Item Protocol
b
Requirement M/O Applies to Verification method
a
no. subclause
The Tag shall accept this message in any state.
If the value of the parameters of the message is
0310 9.4.2 invalid, then the Tag shall transition to the Initial M Tag By design
state, thereby aborting any cryptographic proto-
col that has not yet been completed.
If the length of the TAM1 message is <> 96 bits, the By demonstration,
0330 9.4.2 M Tag
Tag shall return an "Other Error" error condition. using test pattern 02
If TAM1_RFU[4:0] is <> "00000 ", the Tag shall By demonstration,
b
0340 9.4.2 M Tag
return a "Not Supported" error condition. using test pattern 02
If the Tag does not support key[KeyID].ENC_key, By demonstration
0350 9.4.2 the Tag shall return a "Not Supported" error con- M Tag using test pattern 02
dition. (test pattern 5)
If all parameters have been successful verified,
the Tag shall generate a response as specified in
Table 5.
The Tag shall generate the random data TRnd_ By demonstration
0360 9.4.3 M Tag
TAM1[31:0] and encrypt the concatenation of the using test pattern 03
constant C_TAM1[15:0], the random data TRnd_
TAM1[31:0] and the challenge
IChallenge_TAM1[79:0] using Key[KeyID].ENC_key.
After returning the TAM1 Response (TResponse),
0380 9.4.3 M Tag By design
the Tag shall remain in the Initial state.
The Interrogator (or the external application
controlling the Interrogator) decrypts the TAM1
By demonstration
0390 9.4.4 Response (TResponse) and shall verify whether M Interrogator
using test pattern 03
C_TAM1 and IChallenge_TAM1 have the correct
value.
9.4.5
The Interrogator shall generate an 80-bit random
0400 TAM2 M Interrogator By design
number for use as TAM2 Interrogator challenge.
Message
BlockCount[3:0]: number that defines the size of
the custom data as a number of 16-bit or 64-bit
blocks. If the number of included bits of the cus-
0410 9.4.5 tom data including header is not a multiple of 128, M Interrogator By design
padding with zeroes shall be applied to the least
significant bits of the last block that has a non-ze-
ro block size of less than 128 bits.
The Interrogator shall maintain the value of
0420 9.4.5 BlockCount for use as part of the MAC verification M Interrogator By design
process.
The Tag manufacturer shall specify the number of
0430 9.4.5 M Tag By design
custom data blocks that can be included.
ProtMode[3:0]: value to select the mode of opera-
0440 9.4.5 tion that shall be used to process the custom data M Interrogator By design
as specified in Table 3.
0450 9.4.5 The Tag shall accept this message in any state. M Tag By design
Key
M mandatory; items are mandatory and shall be tested for all devices
O optional; items are optional and shall be tested only for devices that support the feature that is indicated by the requirement
a
All clauses, subclauses and tables referenced are from ISO/IEC 29167-10:2026.
b
This column can define test patterns that are used for verification by demonstration.

© ISO/IEC 2026 – All rights reserved
TTaabbllee 33 ((ccoonnttiinnueuedd))
Item Protocol
b
Requirement M/O Applies to Verification method
a
no. subclause
If the parameters of the message are invalid, the
Tag shall transition to the Initial state, thereby
0460 9.4.5 M Tag By design
aborting any cryptographic protocol that has not
yet been completed.
If the length of the TAM2 message is <> 120 bits,
By demonstration
0470 9.4.5 the Tag shall return an "Other Error" error condi- M Tag
using test pattern 06
tion.
If BlockSize = "1 " and the Tag does not support
b
0480 9.4.5 value "1 ", the Tag shall return a "Not Supported" M Tag By design
b
error condition.
If TAM2_Rev specifies a TAM2 message format
0490 9.4.5 that is not supported by the Tag, the Tag shall M Tag By design
return a "Not Supported" error condition.
If TAM2_RFU[2:0] is <> "000 ", the Tag shall re- By demonstration
b
0500 9.4.5 M Tag
turn a "Not Supported" error condition. using test pattern 06
If the Tag does not support key[KeyID].ENC_key,
By demonstration
0510 9.4.5 the Tag shall return a "Not Supported" error con- M Tag
using test pattern 06
dition.
If the memory profile specified in Profile is not
By demonstration
0520 9.4.5 supported by the Tag, the Tag shall return a "Not M Tag
using test pattern 06
Supported" error condition.
The Tag shall check if the specified memory profile
has the right to use KeyID for further processing:
By demonstration
0530 9.4.5 else key[KeyID] is not authorized for this memory M Tag
using test pattern 07
profile and the Tag shall return a "Not Supported"
error condition.
If the block of custom data specified by BlockSize,
Profile, Offset and BlockCount is not supported by By demonstration
0550 9.4.5 M Tag
the Tag, the Tag shall return a "Memory Overrun" using test pattern 06
error condition.
If the ProtMode value is not supported by the
0560 9.4.5 Tag, the Tag shall return a “Not Supported” error M Tag By design
condition.
9.4.6.1 If all parameters have been successfully verified,
By demonstration
0570 TAM2 Re- the Tag shall proceed with parsing the TAM2 M Tag
using test pattern 08
sponse message.
After returning the TAM2 Response (TResponse),
0580 9.4.6.1 M Tag By design
the Tag shall remain in the Initial state.
By demonstration
9.4.6.2
using test pattern
TAM2_Rev The Tag shall add custom data in plaintext to the
08, with profile that
0590 = "0 " and authentication block and generate a response as O Tag
b
is supported by the
ProtMode = specified in Table 7.
Tag and ProtMode =
"0000 "
b
"0000 "
b
Key
M mandatory; items are mandatory and shall be tested for all devices
O optional; items are optional and shall be tested only for devices that support the feature that is indicated by the requirement
a
All clauses, subclauses and tables referenced are from ISO/IEC 29167-10:2026.
b
This column can define test patterns that are used for verification by demonstration.

© ISO/IEC 2026 – All rights reserved
TTaabbllee 33 ((ccoonnttiinnueuedd))
Item Protocol
b
Requirement M/O Applies to Verification method
a
no. subclause
By demonstration
9.4.6.3 The Tag shall add custom data with confidentiality
using
TAM2_Rev protection to the authentication block and gener-
test pattern 08, with
0600 = "0 " and ate a response as specified in Table 8. O Tag
b
profile that is sup-
ProtMode = The Tag shall use AES encryption in CBC mode to
ported by the Tag and
"0001 " encrypt all D custom data blocks.
b
ProtMode = "0001 "
b
The Tag shall add custom data with integrity pro-
By demonstration
9.4.6.4 tection to the authentication block and generate a
using test pattern
TAM2_Rev response as specified in Table 9.
08, with profile that
0620 = "0 " and The Tag shall use AES-CMAC-96 to calculate the O Tag
b
is supported by the
ProtMode = truncated 96-bit CMAC over the authentication
Tag and ProtMode =
"0010 " block and the D following plaintext custom data
b
"0010 "
b
blocks.
The Tag shall add custom data with confidential-
ity and integrity protection to the authentication
block and generate a response as specified in
By demonstration
9.4.6.5 Table 10.
using test pattern
TAM2_Rev The Tag shall use AES encryption in CBC mode to
08, with profile that
0640 = "0 " and encrypt the initial authentication block and all O Tag
b
is supported by the
ProtMode = following D custom data blocks.
Tag and ProtMode =
"0011 " The Tag shall use AES-CMAC-96 to calculate the
b
"0011 "
b
truncated 96-bit CMAC over the authentication
block and the D following encrypted custom data
blocks.
The Tag shall compute the authentication block
By demonstration
9.4.6.6 as the encryption of C_TAM2_0[15:0], TRnd_
using test pattern
TAM2_Rev TAM2[31:0] and
08, with profile that
0670 = "1 " and IChallenge_TAM2[79:0]. O Tag
b
is supported by the
ProtMode = The Tag shall add the header and the custom data
Tag and ProtMode =
"0000 " in plaintext to the authentication block and gener-
b
"0000 "
b
ate a response as specified in Table 11.
The Tag shall compute the authentication block
as the encryption of C_TAM2_1[15:0], TRnd_
TAM2[31:0] and
By demonstration
9.4.6.7 IChallenge_TAM2[79:0].
using test pattern
TAM2_Rev The Tag shall add the header and the custom data
08, with profile that
0690 = "1 " and with confidentiality protection to the authentica- O Tag
b
is supported by the
ProtMode = tion block and generate a response as specified in
Tag and ProtMode =
"0001 " Table 12.
b
"0001 "
b
The Tag shall use AES encryption in CBC mode to
encrypt all D data blocks composed of the header
and the custom data.
Key
M mandatory; items are mandatory and shall be tested for all devices
O optional; items are optional and shall be tested only for devices that support the feature that is indicated by the requirement
a
All clauses, subclauses and tables referenced are from ISO/IEC 29167-10:2026.
b
This column can define test patterns that are used for verification by demonstration.

© ISO/IEC 2026 – All rights reserved
TTaabbllee 33 ((ccoonnttiinnueuedd))
Item Protocol
b
Requirement M/O Applies to Verification method
a
no. subclause
The Tag shall compute the authentication block
as the encryption of C_TAM2_2[15:0], TRnd_
TAM2[31:0] and
IChallenge_TAM2[79:0]. By demonstration
9.4.6.8
The Tag shall add the header and the custom data using test pattern
TAM2_Rev
with integrity protection to the authentication 08, with profile that
0720 = "1 " and O Tag
b
block and generate a response as specified in is supported by the
ProtMode =
Table 13. Tag and ProtMode =
"0010 "
b
The Tag shall use AES-CMAC-96 to calculate the "0010 "
b
truncated 96-bit CMAC over the authentication
block and the D following plaintext data blocks
composed of the header and the custom data.
The Tag shall add the header and the custom data
with confidentiality and integrity protection to
the authentication block and generate a response
as specified below and in Table 14. By demonstration
9.4.6.9
The Tag shall use AES encryption in CBC mode to using test pattern
TAM2_Rev
encrypt the initial authentication block and all 08, with profile that
0750 = "1 " and O Tag
b
following D data blocks composed of the header is supported by the
ProtMode =
and the custom data. Tag and ProtMode =
"0011 "
b
The Tag shall use AES-CMAC-96 to calculate the "0011 "
b
truncated 96-bit CMAC over the authentication
block and the D following encrypted custom data
blocks.
By demonstration
9.4.7.2 using test pattern 08
The Interrogator (or the external application
TAM2 Final and verifying that the
controlling the Interrogator) decrypts the TAM2
Interrogator Interrogator aborts if
0780 Response (TResponse) and shall verify whether M Interrogator
processing the local key at the In-
C_TAM2 and IChallenge_TAM2 have the correct
TAM2_Rev = terrogator is changed
value.
"0 " to a value different
b
from that in the Tag
By demonstration
9.4.7.3 using test pattern 08
The Interrogator (or the external application con-
TAM2 Final and verifying that the
trolling the Interrogator) decrypts the first block
Interrogator Interrogator aborts if
0790 of TAM2 Response (TResponse) and shall verify M Interrogator
processing the local key at the In-
whether C_TAM2 constant and IChallenge_TAM2
TAM2_Rev = terrogator is changed
have the correct value.
"1 " to a value different
b
from that in the Tag
0800 9.4.7.3 If ProtMode = 0000 , C_TAM2 shall be C_TAM2_0. M Interrogator By design
b
0810 9.4.7.3 If ProtMode = 0001 , C_TAM2 shall be C_TAM2_1. M Interrogator By design
b
0820 9.4.7.3 If ProtMode = 0010 , C_TAM2 shall be C_TAM2_2. M Interrogator By design
b
0830 9.4.7.3 If ProtMode = 0011 , C_TAM2 shall be C_TAM2_3 M Interrogator By design
b
If Step = "00 ", the Tag shall parse the IAM1 Mes-
b
9.5.1
0840 sage for Interrogator Authentication as described M Tag By design
IAM
in 9.5.2.
Key
M mandatory; items are mandatory and shall be tested for all devices
O optional; items are optional and shall be tested only for devices that support the feature that is indicated by the requirement
a
All clauses, subclauses and tables referenced are from ISO/IEC 29167-10:2026.
b
This column can define test patterns that are used for verification by demonstration.

© ISO/IEC 2026 – All rights reserved
TTaabbllee 33 ((ccoonnttiinnueuedd))
Item Protocol
b
Requirement M/O Applies to Verification method
a
no. subclause
If Step = "01 ", the Tag shall parse the IAM2 and
b
9.5.1 IAM3 Messages and process the data based on the
0850 M Tag By design
IAM value of CustomData, which is the third parameter
in the IAM2 and IAM3 Messages.
If Step = "01 " and CustomData = "0 ", the Tag
b b
9.5.1 shall parse the IAM2 Message for Interrogator
0860 M Tag By design
IAM Authentication without custom data as described
in 9.5.5.
If Step = "01 " and CustomData = "1 ", the Tag
b b
9.5.1 shall parse the IAM3 Message for Interrogator
0870 M Tag By design
IAM Authentication with custom data as described in
9.5.8.
9.5.1 If Step = "10 ", the Tag shall return a "Not Support-
b
0880 M Tag By design
IAM ed" error condition.
9.5.1 If Step = "11 ", the Tag shall return a "Not Support-
b
0890 M Tag By design
IAM ed" error condition.
The Tag shall accept this message only in the
9.5.2 Initial or the IA-OK state (unless occupied by
0900 M Tag By design
IAM1 internal processing and not capable of receiving
messages).
If the parameters of the message are invalid, then
9.5.2 the Tag shall transition to the Initial state, there-
0910 M Tag By design
IAM1 by aborting any cryptographic protocol that has
not yet been completed.
9.5.2 If the length of the IAM1 message is <> 16 bits, the
0920 M Tag By design
IAM1 Tag shall return an "Other Error" error condition.
If the value of IAM1_RFU[3:0] is <> "0000 ", the
b
9.5.2
0930 Tag shall return a "Not Supported" error condi- M Tag By design
IAM1
tion.
9.5.2 If the Tag does not support key[KeyID].ENC_key, it
0940 M Tag By design
IAM1 shall return a "Not Supported" error condition.
The Tag shall generate a random challenge TCh-
9.5.3
allenge_IAM1[79:0] and store a copy of TChal-
0950 IAM1 Re- M Tag By design
lenge_IAM1 for subsequent verification (see 9.5.5
sponse
or 9.5.8).
The Tag shall store a copy of KeyID for use in 9.5.5
0960 9.5.3 M Tag By design
or 9.5.8.
The Tag shall send the challenge TChallenge_IAM1
0970 9.5.3 M Tag By design
in the IAM1 Response as specified in Table 16.
After returning the IAM1 Response (TResponse),
0980 9.
...