Internet of Things (IoT) - Generic trust anchor application programming interface for industrial IoT devices

ISO/IEC TS 30168:2024 specifies a generic programming interface for the integration of secure elements within Industrial IoT devices. This includes requirements from industrial usage scenarios and applications. This document also provides guidance for implementation and testing.

General Information

Status: Published
Publication Date: 01-May-2024
Current Stage: PPUB - Publication issued
Start Date: 12-Apr-2024
Completion Date: 02-May-2024

Technical specification
isoiects30168{ed1.0}en - ISO/IEC TS 30168:2024 - Internet of Things (IoT) - Generic trust anchor application programming interface for industrial IoT devices. Released: 5/2/2024. ISBN: 9782832285183
English language
176 pages

Standards Content (Sample)


ISO/IEC TS 30168
Edition 1.0 2024-05
TECHNICAL SPECIFICATION
Internet of Things (IoT) – Generic trust anchor application programming interface for industrial IoT devices

All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or
by any means, electronic or mechanical, including photocopying and microfilm, without permission in writing from either
IEC or IEC's member National Committee in the country of the requester. If you have any questions about ISO/IEC
copyright or have an enquiry about obtaining additional rights to this publication, please contact the address below or
your local IEC member National Committee for further information.

IEC Secretariat
3, rue de Varembé
CH-1211 Geneva 20
Switzerland
Tel.: +41 22 919 02 11
info@iec.ch
www.iec.ch

About the IEC
The International Electrotechnical Commission (IEC) is the leading global organization that prepares and publishes
International Standards for all electrical, electronic and related technologies.

About IEC publications
The technical content of IEC publications is kept under constant review by the IEC. Please make sure that you have the
latest edition, a corrigendum or an amendment might have been published.

INTERNATIONAL ELECTROTECHNICAL COMMISSION
ICS 35.020
ISBN 978-2-8322-8518-3

– 2 – ISO/IEC TS 30168:2024 © ISO/IEC 2024
CONTENTS
FOREWORD
INTRODUCTION
1 Scope
2 Normative references
3 Terms and definitions
4 Abbreviated terms
5 Architecture
5.1 General
5.2 Relation to ISO/IEC 30141
5.3 Intended target environment
5.4 Functional scope
5.5 Concepts
5.5.1 Abstraction
5.5.2 Object information model
5.5.3 Identifiers
5.5.4 Personalities
5.5.5 Profiles
5.5.6 Device states
5.5.7 Access control
5.5.8 Secure element properties
5.6 Implementation view
5.6.1 System design considerations
5.6.2 Personalities
5.6.3 Profiles
5.6.4 Device states
5.6.5 Access control
5.6.6 GTA API start-up
6 API specification
6.1 Overview
6.2 Language binding
6.3 Endianness
6.4 Exception handling
6.5 Using GTA API from an application
6.5.1 Header files
6.5.2 Call conventions and error handling
6.6 Types and function documentation
6.6.1 Basic types
6.6.2 General management functions
6.6.3 Process synchronization
6.6.4 Secure memory management
6.6.5 Function parameter I/O streams
6.6.6 Instance management functions
6.6.7 Context management functions
6.6.8 Access token functions
6.6.9 Device state management functions
6.6.10 Identifier and personality management
6.6.11 Access policy management functions
6.6.12 Data protection functions
6.6.13 Channel protection functions
6.6.14 Supplementary security functions
6.6.15 Trusted execution environment
6.6.16 Secure element provider implementation support
Annex A (normative) GTA API C header files
A.1 Dependencies
A.2 Application interface – gta_api.h
A.3 Provider interface – gta_apif.h
A.4 Handles – gta_handle.h
A.5 Function parameter I/O streams – gta_stream.h
A.6 Error information – gta_errinfo.h
A.7 Secure memory management – gta_secmen.h
A.8 Process synchronization – gta_psync.h
Annex B (normative) Basic profiles
B.1 ch.iec.30168.basic.passcode
B.1.1 Description
B.1.2 Deployment
B.1.3 Usage
B.2 ch.iec.30168.basic.local_data_integrity_only
B.2.1 Description
B.2.2 Creation
B.2.3 Usage
B.3 ch.iec.30168.basic.local_data_protection
B.3.1 Description
B.3.2 Creation
B.3.3 Usage
Annex C (informative) Example security scenarios for Industrial IoT
C.1 Analysis of example security scenarios for IIoT
C.1.1 General
C.1.2 Scenarios for application protocols
C.1.3 Secure device identities
C.1.4 Supply-chain and trustworthiness/authenticity of device
C.1.5 Device integrity protection
C.1.6 Application security
C.1.7 Feature licensing
C.1.8 Device and machine management
C.1.9 Blockchain/distributed ledger technology
C.1.10 GTA management
C.2 Security requirements for security scenarios
C.2.1 General
C.2.2 General or nonfunctional requirements
C.2.3 Functional security requirements overview and description
C.2.4 Security requirements for OPC UA
C.2.5 Security requirements for PROFINET security extensions
C.2.6 Security requirements for secure communication
C.2.7 Security requirements for secure device identities
C.2.8 Security requirements for trustworthiness/authenticity of device
C.2.9 Security requirements for device integrity protection
C.2.10 Security requirements for application security
C.2.11 Security requirements for feature licensing
...
